Over the years cybercriminals have honed the techniques they use to attack businesses. They have moved on from largely random attacks that rely on sheer volume to take in a few gullible individuals, to targeting specific organisations and the individuals within.
The techniques developed have proved attractive to a newer type of attacker, the hacktivist, who bears a grudge against a particular organisation. Added into this poisonous mix is some very sophisticated malware that nation states have developed to attack each other, which has been repurposed by the broader community of hackers.
Whilst this is a problem for businesses, it is an opportunity for resellers. A recent Quocirca research report explains why traditional IT security measures, such as anti-virus, firewalls and intrusion prevention systems, are not enough to defend against such targeted attacks; more advanced defences are needed. Whilst few plan to abandon the old defences, the need for new ones is recognised and the budget is being made available.
For resellers this means that many of the maintenance contracts for existing IT security products will remain in place, however they will also find a willingness to invest in new products and the services to deploy these effectively. Quocirca’s report looks at the details behind all this; how common certain types of attack are, which industry sectors are being hit the hardest and what defences are available; all information that should prove useful to resellers that need to overhaul their security offerings.
75% of organisations say they are concerned about targeted attacks, the majority of the rest lack awareness; few dismiss the problem as exaggerated (Figure 1). This awareness will be partly down to the reporting of such attacks in both the IT, business and popular press, but it is also because all too many organisations have actually been victims, often with a significant impact.
The likelihood of having been hit is highest in sectors with valuable intellectual property and/or lots of regulated/personal data; pharmaceutical firms, public sector bodies, manufacturers and financial services organisations top the list. The most likely impact is the loss of regulated financial data (mostly this will be payment card details) followed by lost business (Figure 2). The latter may be a direct goal of a hacktivist or just due to the disruption caused by having to clean up after an attack. Given the wide coverage in the press to some high profile attacks, the fact that negative media coverage is at the bottom of the list, just shows how many attacks are going unreported by the media.
There are many vectors that can be used to perpetrate targeted attacks. These include those that aim to directly dupe individuals such as spear-phishing (targeted emails) and social engineering (spurious contacts via Facebook etc.) However, ultimately, most involve some sort of tailored (zero day) malware, often exploiting unpatched or unknown application and system vulnerabilities.
The majority of organisations have discovered malware running on their networks that they were not previously aware of. Most think unknown malware is running on their servers, mobile devices and PCs (Figure 3). Clearly, traditional security measures, which almost all have in place, are failing at some level.
30% of smaller businesses (those with less than 5,000 employees) say they have deployed some sort of technology to specifically defend against targeted attacks, 13% say they are evaluating; more need to do so. The measures that can be taken with advanced protection in place include deep packet inspection of network traffic, application whitelisting, the use of sandboxes, heuristics and advance correlation technology. More details about these techniques and others is provided in Quocirca’s’ report.
One man’s pain is another man’s gain. No one should condone online criminal activity, but it is a reality. Resellers will benefit from new revenue streams gained through adding the defences against targeted attacks to their portfolios; so will their customers.
Quocirca’s report “The trouble heading for your business” is freely available to ITD readers at this link http://www.quocirca.com/reports/797/the-trouble-heading-for-your-business