“To see victory only when it is within the ken of the common herd is not the acme of excellence.” – Sun Tzu
by Blake McConnell of Symantec
There may not be physical battle lines drawn, but the current conflict between cybercriminals and businesses and governments is just as real and damaging as a war fought with bombs and bullets. As one side makes a tactical adjustment, the other seeks to outflank them. Instead of physical casualties, however, it is information that is at stake in this war — information that is worth millions in the right hands.
While the war is not new (the first known computer virus was written in 1971), the last few years have certainly placed more of a spotlight on security incidents resulting in the theft of sensitive information. There is some skepticism as to whether organizations can continue to resist what most consider inevitable, be it a data breach or a targeted attack.
While the risks are very real, a handful of high-profile incidents do not mean that defeat is a foregone conclusion. In fact, there is every reason to believe that we are holding our own in the cyberwar. We would go as far as to say that we remain in front of the majority of these attacks and are actually winning the war.
Here are the key considerations to ensure victory in this ongoing battle:
No. 1: Understanding the threat environment
Business executives can take heart knowing that there exists an excellent intelligence community keeping current on the activities of hackers and other cybercriminals. This invaluable resource enables us to maintain real-time awareness of the constantly changing threat vectors they are employing.
A case in point: While, in the past, cybercriminals were predominantly sending out massive amounts of spam in the hopes of infecting a few machines, today’s business threats are becoming far more targeted.
This may take the form of a single phishing or social engineering attempt, in which publicly available information is used in an attempt to solicit a response to an email. Attack kits are also widely available, allowing would-be cybercriminals with little technical knowledge to design and deploy unique malware designed to bring a profit through information theft.
In addition to these “smash-and-grab” attacks, however, advanced persistent threats (APTs) are increasing in popularity. These insidious attacks are typically initiated by groups with significant resources, such as nation-states, with the goal of intelligence gathering or sabotage. They maintain a low profile as they work their way through systems to a desired target.
But forewarned is forearmed, and organizations are learning to defend against these attacks.
Cybercrime is similar to conventional crime. Law enforcement can’t completely eliminate illegal activities, but it works to rein them in. In the war against cybercrime, security professionals keep their finger on the pulse of these activities, which allows us to respond quickly to new threats.
No. 2: Security is keeping pace with infrastructure developments
Not only are hackers’ methods changing, but the basic IT organization is also undergoing fundamental changes. Several new technology trends are paving the way for increased productivity in the workplace. The enormous increase in the use and capabilities of mobile devices, for example, means that employees are accessing corporate data from more places outside the business. This leads to new concerns about vulnerabilities in the mobile devices themselves, which utilize a variety of operating systems, as well as the use of outside networks to view confidential information.
A similar fear relates to cloud computing. Each year more organizations take advantage of the cloud, which provides cost-effective data storage and application delivery, allowing businesses to accomplish more with less, and adopt new initiatives without needing to integrate them into the existing IT infrastructure. But companies are reluctant to put confidential data into the cloud for others to manage, and they are nervous about line-of-business apps that make use of the cloud to deliver corporate data to devices outside of the office.
However, these risks are manageable through many of the same precautions that are already routinely used to secure on-premises endpoints and infrastructure. Mobile devices can be provisioned with only company-authorized software to reduce the risk of malware infection, and a variety of security measures such as dual authentication and encryption keep information safe even in the event of loss or theft of devices. Similarly, providers of cloud computing offer security as a service, and vendors are rising to the challenge of creating solutions to protect data regardless of where it may reside.