As criminals get access to better technology and as the underground markets get more active, it is not surprising that targeted attacks become more mainstream. This is something we have seen over the last 6-8 months, while extortion threats grew in parallel.
There is another trend I see talking to other organizations: Midsize companies are often unable to fight crime on that level. They might be able to withstand a virus attack or run a normal incident but as soon as it gets sophisticated, they are lost and this is completely understandable. At Swisscom I had a team of almost 80 security professionals doing everything from policies to architecture to physical security to in-house consulting to incident response. Often I see that the CSO is part-time, sometimes full-time with a small team and often they do not come from the security industry. Now, you need to compare…
This is even true for a lot of companies which are outside the really big ones which are willing to pay the bill for good security. What adds to this is that an organization is rarely willing to confirm that they should build security around the mantra of being compromised. “Assume breach” has to be a baseline of any security architecture today. This means that monitoring and new ways of doing threat intelligence have to be one of the next areas of investment. But you need to be able to prove that and have the background and the connections to understand what is going on in the underground market.
If you take this back to the statement I made above about the size of organizations, I guess that companies have to look into outsourcing these roles. I do not think that they can afford an environment where they get the right people to address these threats. Outsourcing security – security is a service – is something I never thought would be on a CSO’s/CEO’s agenda; I had to change my mind (Outsourcing Security). It will be crucial that they look into this and really get the pros doing it. There is simply not enough talent on the market and budget to be invested to make this happen otherwise.
Finally, even if a company is well set up to defend against these threats, if I were a hacker I would then go after your supply chain and find the smaller company I can get into, which helps me to get into your infrastructure.
The Gartner interview I mentioned in the title is here: APT Attacks Will Seek Smaller Targets and talks about similar approaches and challenges.
By the way: I hate the term Advanced Persistent Threat. Most attacks I have seen recently are not advanced. They leverage well-known vulnerabilities and well-known mistakes you should not make (keeping the door unlocked). They are definitely a threat and sometimes even persistent. But it is easier to say that you fell victim to an APT…