Security for IT pros is an ever-growing challenge. The biggest risk? You may not even notice you're being attacked. Here are some of the more common recent threats and what you can do about them.
The business case for criminals who break into networks and steal data is staggering. Dustin Kehoe, an Associate Research Director with IDC, recently reported at a forum for IT media and analysts in the Asia Pacific region on the speed and efficiency of motivated hacker attacks:
In 85 per cent of the cases it takes me seconds or minutes to come into your network and steal what I need to steal. In 85 per cent of the cases it takes months or weeks before you discover it. In 9 per cent of the cases it takes years.
The key motivator for the bad guys has changed over the years. In the early days malware creation and distribution, while damaging and annoying, was akin to the work of graffiti artists who damage or tag an object or property for their own personal reasons. Today, the primary motivation is money. According to IDC, financially driven attacks are the most targeted.
There are many other threats as well. In Australia, the proliferation of ransomware is accelerating, with SMEs a common target. The ransomware shuts down your website and a demand for payment is made to turn things back on. Often, the site doesn't really turn back on, leaving the victim out of pocket and without access to a key business application.
APT, or Advanced Persistent Threats, are perhaps the most dangerous security issue facing governments and business today. They siphon information over protracted periods with advanced versions focusing on gaining control of critical infrastructure. These threats are often operated by nation states and cyber cartels although the technology has military and intelligence origins.
APT attacks are not "smash and grab". They are persistent in nature and highly targeted. They utilise a combination of attack methods such as malware, social engineering and known vulnerabilities. They can be polymorphous to avoid detection.
What's even scarier is that you no longer need to be a technical expert to launch a cyber attack. Kehoe says that there's a video on YouTube that shows how to rent a DDoS attack. "I believe the organisation is based in Ukraine. But yes, 24 hours they'll take down any website you want them to take down".
In parallel with the constant change of the threat landscape come monumental shifts in how technology is deployed and managed. In particular, mobility is no longer a special service delivered to a select few in the business with specialised job roles. Almost everyone you bump into has a smartphone and/or tablet and/or notebook computer.
According to Kehoe "it's quite astonishing that considering all the devices that we have out there only 20 per cent of organizations actually have a security policy. That's 80 per cent who actually don't. Considering that Android has reached the millionth breach in three years and it took Microsoft 14 years to reach that, that's going to be quite telling".
Is Antivirus Dead?
Given the changes to the threat landscape it might be tempting to think that antivirus software at the endpoints is a solution that's no longer relevant. But that's not the case according to Neeraj Khandelwal, product manager for Barracuda Networks. "If you don't have an antivirus on your perimeter you're just opening up the attack surface," he says. Or to paraphrase: even a cheap lock on your bike deters potential criminals.
Nelson Soon, director of sales for SEA/ANZ and Taiwan at Ixia, agrees, noting that "antivirus is a fundamental basis of where basic protection needs to begin".
One of the challenges faced by antivirus software developers is that their products are reactive tools. In most cases they rely on a threat being identified and a signature found. Then, a new set of detection signatures is distributed so that the newly identified malware can be found and an appropriate action taken.
Doug Schultz, VP for Asia Pacific/Japan at FireEye says that detecting such attacks throws up new challenges.
"What we're saying regarding signature versus signature-less, signature looks for a pattern - we've seen it somewhere else. So if you are looking for what you know and you can match that, that's great. So that's typically what we rely on the IDS and AV, antivirus. What we're seeing a lot more today is that there are toolkits, malware toolkits that are easily accessible today where people can create unique malware that's undetected and these are signature-less. So there's no instance for this specific malware anywhere in the world and it's made for a specific government user or specific manufacturer".
This presents IT managers with the need to take a layered approach to their security.
At the frontline there's traditional end-point security software. While it might seem passé, traditional antivirus is the first step to reducing the threat surface.
Then there's a need to look at intrusion detection systems and intrusion remediation for dealing with anything that gets in. Craig Skinner, a senior consultant from Ovum, says that "it's having this suite of different solutions that sort of help you to prevent and lower your risk and also help you to detect and manage events and incidents when they do happen. So if you're looking, you've got your signature base, the virus protection, but then you've got the solution that you provide that sort of looks at more the dynamic behaviour of specific files coming in".
Creating the right policies and procedures, and ensuring that all staff are trained in how to behave in a risk-averse way, also reduces the threat surface.
Disclosure: Anthony Caruana travelled to Thailand as a guest of NetEvents to attend this forum.