The short answer is a resounding No. But, it is a nice marketing strategy and certainly a lofty goal. Google announced a new team called Project Zero last week with the express intention of ridding the world of cyber attacks and garnered CNN headlines for their efforts because, well, they’re Google. And if Google says they can do something it must be true.
The reality is no one can rid the world of cyber attacks. They may be able to eliminate (but more likely mitigate) the impact of those attacks, but can’t prevent outside sources from ever perpetrating a cyber attack. According to an Online Security Blog at Google by Chris Evan, “Researcher Hearder”:
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.”
We at EiQ Networks couldn’t agree more! But a more realistic view is a comprehensive program that includes:
- People: trained security professionals who understand the nuances of the security and compliance landscape with appropriate certifications such as CISSP
- Process: There are a number of tried and true process steps such as the SANs critical controls which need to be monitored on an on-going basis in order to truly mitigate the impact of all risks. Remember nothing can stop every possible cyber attack, but a great offensive plan for remediation will help limit the damage significantly.
- Technology: Yes, you will have to fight fire with fire. Detecting, preventing and/or remediating cyber attacks will require a cyber solution. Specifically technology that can monitor, block and remediate known and unknown potential security-impacting technology.
The good news is that there are now service offerings that do all of this for you while your data stays where it should (within your enterprise).