How well protected are you in today’s cyber-threat landscape? – Part 1
Regardless of how long you’ve been involved in security and/or data protection projects, you’ll have asked yourself the question “are we protected?” Furthermore, you’ll have repeated that very same question each and every time you read of a similar company in your market having been compromised.
In the past several years, legislation has been mandating that companies publicly disclose any data breaches, which have caused some companies to cease their business entirely, grossly affected market confidence and negatively impacted overall brand value, so you are probably checking in on your security posture more now than ever before, says Richard Cassidy of Alert Logic.
But how can you prevent being impacted by the increased number of threats we are seeing?
The good news – of sorts – is that threats haven’t really changed since we first became more publicly conscious of data breaches. For decades we’ve had opportunistic attackers, script kiddies and cyber criminals, all following much the same methodologies of attack today as they did back then. We still see performance-based attacks through DoS/DDoS; we still see operating system (OS) vulnerability exploits; and we still see application attacks, albeit in far greater numbers these days.
The methodology of attacks has remained very similar through the ages, with social networking still the favoured route for the majority of attackers seeking to distribute malware. Cyber criminals range from those that adopt a mass-market approach, reaching as many organisations as possible so that vulnerabilities can be exploited and the data monetised as quickly as possible, through to more sophisticated attackers. These attackers are more targeted and measured, and conduct a period of reconnaissance against their targets to identify weaknesses that are then exploited with cleverly crafted methods to exfiltrate confidential data or intellectual property, or to hold corporations to ransom. These types of attacks are lower in volume, but yield a higher financial gain.
So why are threats seemingly getting worse, when we’ve advanced at a rate of knots in technology and capability when it comes to threat protection?
Many organisations have implemented a breadth of security technologies from multiple vendors to try to get one step ahead of the problem – from host-based anti-virus solutions, to gateway scanning tools, to log management and monitoring products. At the same time, hackers are becoming more advanced, and organisations have yet to fully comprehend the anatomy of a cyber-attack and/or the mind-set of who and what they’re up against in terms of hacker cells, cyber criminals and hacktivists. The greatest victories in the history of battles were never down to sheer size and force; rather, they were down to a deep understanding of the motivations and behaviours of the target, the landscape, and the effective use of the tools at hand to get the job done.
But the sheer volume of these technologies operating across complex infrastructure environments, coupled with a lack of resources to maintain these systems and delve deep into understanding the data these technologies produce, is creating the gap that commercially-motivated hackers are looking to exploit.
Analysts estimate that about 80% of vulnerabilities that hackers exploit are preventable with basic security practices around patching, upgrades and enforceable security policies. If this 80% were eliminated, organisations could put their scarce resources and budgets to better use, focusing on their security and compliance posture under attack from other methods.
The author is Richard Cassidy, technical director EMEA, Alert Logic