How Secure Is Your Business Really?

Monday, February 23, 2015

How much are you spending on security? You may have firewalls, intrusion prevention systems (IPSs), endpoint protection platforms and secure Web gateways, but is this enough? The traditional security dangers are being replaced by a far more hazardous, insidious form of attack - the Advanced Persistent Threat (APT).

An Advanced Persistent Threat (APT) is a network attack in which an intruder gains access to your network and keeps it. The purpose of these attacks is to place custom malicious code on one or more computers for specific tasks and to remain undetected for as long as possible. The attackers want to steal data rather than cause damage, and they are happy to wait until the right opportunity presents itself. In other words, they have a lot of patience!

In the past, a hacker would try to get in and out as quickly as possible in order to avoid detection by your network's intrusion detection system (IDS). In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. The attackers want to maintain that access without being discovered, and to do so they continuously rewrite their code and employ sophisticated evasion techniques.

The best way to understand what the term APT means is to define each word:

ADVANCED: The attacker has the significant technical capabilities required to take advantage of weaknesses in the target – including coding skills and the ability to uncover and exploit previously unknown vulnerabilities.

PERSISTENT: Unlike short-term, one-off hacks that capitalize on temporary opportunities, APTs often unfold over the course of years, employ multiple vectors and combine security breaches over time to gain access to more – and significant – data.

THREAT: The individuals, groups and organizations that execute APTs have the motivation, ability and resources needed to be successful.

Advanced persistent threats (APTs) are getting more and more sophisticated. They use social engineering techniques to quietly penetrate your business and deploy customised malware that can live undetected for months. Then, when you are least expecting it, they can remotely and covertly steal your valuable information, from credit card data to intellectual property.

One of the most recent and high-profile attacks was at Sony Pictures Entertainment, where the attackers apparently stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including social security numbers, medical and salary information. It’s estimated that this hack will cost Sony $100 million, which includes lawsuits from disgruntled employees whose data was stolen.

Organisations of all sizes can be targeted!

Don’t think that APT attacks are limited to large organisations. According to Verizon’s 2012 Data Breach Investigation Report, the APT threat is real for large and small organisations alike, because organisations of all sizes have valuable data. According to Verizon’s findings, “nearly all payment card breaches are shown to affect small businesses, [which is a continued] trend… where the bulk of criminal activity targeting payment cards has shifted away from larger organisations to smaller ones, primarily because they can be obtained at a lower risk.”

The reality is that traditional security is no match for APTs. While common perimeter and infrastructure protection may help prevent or delay the initial network penetration, it can do little once a foothold has been established. You require a more proactive, comprehensive protection strategy – one that can detect APTs earlier and prevent attempts to escalate privileges or export sensitive data.

What you need is ‘Defence-in-Depth’, a strategy that complements traditional security solutions with identity and access management capabilities. It enables you to build and apply a security model that allows or denies actions based on business rules, data sensitivity and specific types of behaviour. Defence-in-Depth will help your organisation stay one step ahead of APTs and reduce the effects such an attack can have on the business and on your employees, customers and partners.

In Forrester’s report ‘Mitigating Targeted Attacks Requires An Integrated Solution’, Forrester says: “Many of today’s security investments are simply not aligned to defend against these targeted threat vectors. Detecting and responding to advanced threats should involve tight integration of multiple security technologies, network analysis and visibility (NAV) tools, the ability to automatically generate content such as security rules and signatures, context on attacker history, and overall customization and flexibility to ensure that the solution is fine-tuned for your specific IT environment”.

For this report, Forrester surveyed 350 enterprise IT security decision-makers in the US, UK, France and Germany about their technology expectations for targeted threat detection and response, and found that respondents agree there are significant benefits to be had from integrated, customisable and flexible security solutions.

A Defence-in-Depth strategy will allow you to:

  • Make the initial penetration difficult
  • Reduce the potential for privilege escalation in the event an account is compromised
  • Limit the damage that can be done by a compromised account
  • Detect suspicious activity early in the intrusion attempt
  • Gather the information forensic investigators need to determine what damage occurred, when and by whom
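To make the strategy concrete, the following is an added illustration written for this page; it is not code from the original post or from any vendor's product. It sketches the kind of security model described above: a small policy engine that allows or denies each action from business rules (role clearance), data sensitivity (a classification label) and behaviour (export volume and time of day), writes every decision to an audit trail for investigators, and surfaces users with repeated denials as an early-detection signal. The sensitivity scheme, roles, thresholds, working hours and the event sequence are all constructed assumptions.

```python
"""Toy Defence-in-Depth policy engine (constructed example).

Demonstrates allow/deny decisions based on business rules, data sensitivity
and behaviour, plus an audit trail and a simple early-detection signal.
Roles, labels, limits and events below are illustrative assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Tuple

# Assumed classification scheme, in increasing order of sensitivity.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Assumed business rule: the most sensitive label each role may handle.
ROLE_CLEARANCE = {"contractor": "internal", "analyst": "confidential", "finance": "restricted"}

# Assumed behavioural limits: exports per user per day, and working hours.
BULK_EXPORT_LIMIT = 3
WORK_HOURS = range(8, 19)  # 08:00 to 18:59


@dataclass
class Event:
    when: datetime
    user: str
    role: str
    action: str        # "read" or "export"
    resource: str
    sensitivity: str   # a key of SENSITIVITY


@dataclass
class Engine:
    audit: List[dict] = field(default_factory=list)
    exports_today: Dict[tuple, int] = field(default_factory=dict)

    def decide(self, ev: Event) -> Tuple[str, str]:
        """Evaluate one event, record it in the audit trail, return (decision, reason)."""
        decision, reason = self._evaluate(ev)
        # Every decision, allowed or denied, is kept so investigators can later
        # reconstruct what happened, when, and by whom.
        self.audit.append({"when": ev.when.isoformat(), "user": ev.user, "action": ev.action,
                           "resource": ev.resource, "decision": decision, "reason": reason})
        return decision, reason

    def _evaluate(self, ev: Event) -> Tuple[str, str]:
        clearance = ROLE_CLEARANCE.get(ev.role)
        if clearance is None:
            return "deny", "unknown role"
        # Rule 1 (data sensitivity): a compromised account can reach no further
        # than its role's clearance, which limits the damage it can do.
        if SENSITIVITY[ev.sensitivity] > SENSITIVITY[clearance]:
            return "deny", f"{ev.role} not cleared for {ev.sensitivity}"
        if ev.action == "export":
            # Rule 2 (behaviour): confidential or higher exports outside working hours.
            if (SENSITIVITY[ev.sensitivity] >= SENSITIVITY["confidential"]
                    and ev.when.hour not in WORK_HOURS):
                return "deny", "confidential export outside working hours"
            # Rule 3 (behaviour): export volume per user per day.
            key = (ev.user, ev.when.date())
            count = self.exports_today.get(key, 0) + 1
            self.exports_today[key] = count
            if count > BULK_EXPORT_LIMIT:
                return "deny", f"export limit of {BULK_EXPORT_LIMIT}/day exceeded"
        return "allow", "within policy"

    def suspicious_users(self, min_denials: int = 2) -> List[str]:
        """Users with repeated denials: the early-detection signal to follow up on."""
        counts: Dict[str, int] = {}
        for rec in self.audit:
            if rec["decision"] == "deny":
                counts[rec["user"]] = counts.get(rec["user"], 0) + 1
        return sorted(u for u, n in counts.items() if n >= min_denials)


def run_sample() -> Tuple[List[str], List[str], List[dict]]:
    """Replay a constructed day of events; return (decisions, suspicious users, audit trail)."""
    eng = Engine()
    d = datetime(2015, 2, 23)
    events = [  # constructed sample events, not real data
        Event(d.replace(hour=10), "alice", "analyst", "read", "q1-forecast.xlsx", "confidential"),
        Event(d.replace(hour=10, minute=5), "alice", "analyst", "read", "payroll.csv", "restricted"),
        Event(d.replace(hour=2), "bob", "finance", "export", "payroll.csv", "restricted"),
        Event(d.replace(hour=9), "bob", "finance", "export", "payroll.csv", "restricted"),
        Event(d.replace(hour=10), "bob", "finance", "export", "ledger.csv", "restricted"),
        Event(d.replace(hour=11), "bob", "finance", "export", "vendors.csv", "restricted"),
        Event(d.replace(hour=12), "bob", "finance", "export", "budget.csv", "restricted"),
        Event(d.replace(hour=14), "carol", "contractor", "read", "handbook.pdf", "internal"),
        Event(d.replace(hour=20), "carol", "contractor", "export", "handbook.pdf", "internal"),
    ]
    decisions = [eng.decide(ev)[0] for ev in events]
    return decisions, eng.suspicious_users(), eng.audit


if __name__ == "__main__":
    decisions, flagged, audit = run_sample()
    for rec in audit:
        print(rec["when"], rec["user"], rec["action"], rec["resource"], rec["decision"], "-", rec["reason"])
    print("follow up on:", flagged)
```

Read the three rules against the bullets above: the clearance check limits what a compromised account can do, the behavioural checks catch privilege-stretching and bulk export attempts early, and the audit list is what a forensic investigator would reach for first. A real deployment would feed these decisions from an identity and access management platform and log to a central collector rather than an in-memory list.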

As far as APTs are concerned, early detection leads to early mitigation. If you want to protect your intellectual property and data, you must adopt advanced threat detection and response solutions that identify malicious activity quickly and enable earlier mitigation of targeted attacks.

Give us a call on 1 300 780 730 if you’d like peace of mind and some assistance with overhauling your security.

Is your IT infrastructure as healthy as it should be? Don’t wait until it’s too late - read about our Security Health Check