by Bharat Mistry
If 2014 was the year of the targeted attack, 2015 is already proving just as prolific for cybercriminals. Barely a week goes by without hearing about yet another major data breach of sensitive IP or customer information. The latest data makes for pretty depressing reading for IT leaders: if we’re to believe it, virtually every organisation in the UK has now been hacked at one time or another. But it should also be a wake-up call that determined attackers have the tools, the persistence and the technique to get inside your network.
With this in mind, it’s more important than ever that IT bosses adapt their strategic thinking. They need to accept that they have probably been breached, and work instead towards locating an attack and responding effectively in order to mitigate risk.
Rise of the targeted attack
The latest stats come from a pretty reputable source: the Duke CFO Global Business Outlook, which gathers responses from chief financial officers and finance directors around the world. It claimed that 96% of UK respondents had seen hackers penetrate their networks in order to steal, change or expose sensitive data. The figure is higher than the 92% of European respondents who said they’d been hit, and much larger than the 80% of US CFOs interviewed.
A similar report from PwC – its well respected Information Security Breaches Survey – revealed recently that 90% of large organizations had a breach last year, up from 81% a year previous. For small firms some 74% said they’d been hit, up from 60%. The costs involved have also soared to over £3 million for large firms, and up to £311,000 for their smaller counterparts.
Knowledge is power
These stats aren’t necessarily a bad thing, per se. At Trend Micro we’ve been saying for years that with targeted attack tools and services now widely available on the dark net, no organisation is safe. Whether it’s a nation state looking to steal information from your organisation for geopolitical advantage, or a financially motivated cybercrime gang, the end result is the same. The tools and techniques they use have been specially crafted to evade detection. Most begin with a spear phishing email which, if successful, will lead to a covert malware download completely unbeknown to the victim. Some attacks switch ports and protocols, others lie dormant for long periods.
In short, traditional filters and defences simply can’t spot or block this kind of modern, advanced threat.
Faced with such a threat landscape, IT security chiefs need to think about investing in tools and strategies which steer away from defending everything at the network level and move towards, detection, response and recovery. Part of this must come from tools like Deep Discovery which provide better insight into unusual network activity – often a tell-tale sign of unauthorised intrusions.
Here’s just a brief snapshot of things you can start doing right away to minimise the impact of a damaging targeted attack
- Educate end users to spot spear phishing emails. They should know never to click through or even open unsolicited messages.
- Keep a list of blacklisted malware sites and whitelisted safe sites constantly up-to-date
- Ensure users have strong passwords, do not reuse credentials across accounts and avoid visiting untrusted sites which could redirect them to malware
- IT must tighten access control s and operate a principle of “least privilege” to minimise their risk exposure
- Software patches, AV and other systems must be kept up to date to minimise the risk of common vulnerabilities being exploited
- Gain situational awareness into networks to spot signs of potential compromise via advanced Threat Protection tools
- Sit down with legal, HR, comms and any other relevant department to draw up an incident response plan. This means that when the worst happens, everyone knows their roles.
- Practice “war game” drills to test your incident response readiness