DISASTER RECOVERY
xxxxxxxSecurity Strategy
Cyber
How Well Protected Are You?
By: Richard Cassidy, Technical Director EMEA, Alert Logic
Introduction
Richard Cassidy
takes a closer look at
today’s cyber-threat
landscape
Regardless of how long you’ve been
involved in security or data protection,
you’ll have asked yourself the question,
‘are we protected?’ Furthermore,
you’ll have repeated that very same
question each and every time you read
of a similar company in your market
having been compromised. In the
past several years, legislation has been
mandating companies publically disclose
any data-breaches, which has caused
some to cease their business entirely,
grossly affected market confidence and
negatively impacted overall brand value,
so you are probably checking in on your
security posture more now than ever
before, but how can you prevent being
impacted by the increased number of
threats we are seeing?
Cyber Criminals
The good news – of sorts – is that
threats haven’t really changed since we
first became more publically conscious
of data breaches. For decades we’ve
had opportunistic attackers, script
kiddies and cyber criminals all following
similar methodologies of attack today
as they did back then. We still see
performance-based attacks through
DoS/DDoS, we still see operating
system (OS) vulnerability exploits and
we still see application attacks, albeit in
far greater numbers these days. The
methodology of attacks has remained
very similar through the ages, with
social networking still the favoured
route by the majority of attackers
seeking to distribute malware. Cyber
criminals range from those that adopt
a mass-market approach, reaching
as many organisations as possible so
that vulnerabilities can be exploited
and the data monetised as quickly as
possible, through to more sophisticated
attackers. These attackers are more
targeted and measured, and conduct a
period of reconnaissance against their
targets to identify weaknesses that are
then exploited with cleverly crafted
methods to exfiltrate confidential
data, intellectual property or hold
corporations to ransom. The volume
of these types of attacks is less, but has
a higher financial gain. So why are
threats seemingly getting worse, when
we’ve advanced at a rate of knots in
technology and capability when it comes
to threat protection?
Security
Many organisations have implemented
a breadth of security technologies from
multiple vendors to try and get one
step ahead of the problem – from log
management and monitoring products,
to host-based anti-virus solutions and
gateway scanning tools. At the same
time, hackers are becoming more
advanced, and organisations have yet
to fully comprehend the anatomy of
a cyber attack and the mind-set of
who and what they’re up against in
terms of hacker cells, cyber criminals
and hacktivists; the greatest victories
in the history of battles were never
down to sheer size and force; they
were down to deep understanding of
the motivations and behaviours of the
target, the landscape and the effective
use of the tools at hand implemented
Organisations have yet to fully comprehend the anatomy of a cyber attack
8
NETCOMMS europe Volume V Issue 6 2015
www.netcommseurope.com