Paradigm Shift in Information Protection: Moving from Prevention to Detection

Key Elements of Security

All of us (at least the security specialists) believe that security consists of three key elements:

  1. Prevention
  2. Protection
  3. Response

Security Incidents: Externally vs. Internally Caused Incidents

Furthermore, we all believed that most security incidents, around 70% according to an older FBI survey, were caused by employees, or at least by people inside an organisation, without distinguishing whether these were fraudulent activities or incidents caused by accident.

Now things have changed. I do not have an exact number from a survey, but a lot of people now believe that the ratio is 30% from the inside and 70% from the outside.

What is the conclusion? Looking at this, a lot of people believe that the reduction in internally caused incidents is a result of better prevention and awareness campaigns.

Looking at the information available on the internet, we have to conclude that the absolute number of security incidents from the inside is still the same, while the number of externally caused security incidents has increased dramatically.

Advanced Persistent Threats

The acronym APT was not used until 2005, but was then created by the US government. I do not want to describe the nature of an APT in detail – that has been done often enough – but I would like to point out that it becomes more and more difficult to prevent your infrastructure from being penetrated. Because APTs result in low and slow intrusions, it is also really difficult to detect them.

When it comes to an intrusion there are two key elements you can deal with:

  1. Time to Detection
  2. Mean Time to Fix

The ultimate goal is to reduce both times to a minimum, which means reducing your information leakage.


Let’s gather some facts I described in my posting:

  1. Threats from the outside (cyber threats) are increasing dramatically
  2. Intrusion techniques evolve – APT is a reality
  3. Prevention is not effective
  4. Detection is the only solution against APT

The only conclusion I can come to is that organizations that want to achieve a reasonable “amount” of security need to focus on detection and shift their capabilities.

You might want to walk through the attached Prezi.

Happy New Year

It is now approximately 10 months since I announced that I would relaunch my blog and restart writing about security. What I didn’t know at that time is that this year would become my personal nightmare.

I lost my grandma and my brother-in-law. My grandma died at the age of 96 and my brother-in-law at the age of 46. This is something you can’t prepare yourself for! This knocks you out!

Driven by my brother-in-law’s sudden death, I decided to change the way I live: pay more attention to my family and get rid of the weight I gained in more than 11 years at KPMG. I started running again and have already lost 14 kilos. Another 14 are to go now!

Another thing I will change is the place where I live. Something that came pretty quickly was changing my working life. I am no longer part of the KPMG partnership, and during this year I will start something new in the area of information protection, which I am preparing myself for, and I can tell you that it will be great!

These changes have been massive, but it is a really good starting point for my “new” life. I got rid of all the add-on roles that consumed a lot of power and time, and I can now focus on the people that matter to me and on my profession again.

One of the things that helped me after these massive changes was that a big part of my physical and virtual social network supported me very intensively. That was great and gives me a lot of power and inspiration to go for my future projects:

Building my new house started last year and will hopefully be finalized in 2014. I will think about certain aspects of security and take some time to write about them. Maybe I will start to write a book of my own (I already have something in mind). I will continue working on the 4th edition of the cloud computing book together with Tobias and some others I have known for many years. I will do my first half marathon this year and hopefully my first marathon next year. Last but not least, I will really relaunch my social media activities on Facebook and Twitter.

One event that made me so positive is a speech that I heard given by Jim Lawless – Tame your Tiger. I heard it 3 or 4 years ago and it was a very important impulse in my private and business life. At that time I was not successful in changing my life. My tiger was too big! Jim gave us postcards and asked us to write down which tiger each of us wants to tame. My tiger was changing my working life! Now others “helped” me to tame this tiger and helped to make things come true that I was not prepared for.

I hope that you now have a better understanding of the situation I was in for the last 10 months. But now it is time to look forward again, going for a fantastic year 2014 with a lot of new experiences, new people and a new environment.