Cyber attacks occur with increasing speed and sophistication. Advanced persistent threats (APTs) that are tailored to infiltrate a network and target specific information are a reality, and are only going to become more pervasive.
In today’s world of the Internet of Things (IoT) where all devices connect to the Web and to each other, breaches are a matter of ‘when’, not ‘if’. A hacker who is determined enough will eventually find a way in, via a vulnerability in the network perimeter, stolen login credentials, a zero-day exploit, or by employing spear-phishing techniques.
Robert Brown, CEO of DRS, a Cognisec company, says today’s security solutions and tools are mostly defensive. “In this way, the tools on the market today are designed to identify and fix issues once they are at the network perimeter, or sometimes only once the perimeter has been breached. Depending on after-the-fact solutions to defend your networks and your most sensitive data is a case of closing the stable door once the horse has bolted.”
He says any security issues need to be pinpointed before they have had the opportunity to do damage. “This is why we need proactive intelligence gathering capabilities, and advanced solutions, that allow companies to keep sight of malicious campaigns or development activities, allowing for a pre-emptive strike so they may be ready for, and able to stop, many threats before they are able to claim their malicious payload.”
Brown says detection and prevention capabilities still have their place, but are not adequate when it comes to dealing with APTs that are too stealthy and sophisticated. “The risks of these threats are simply too great.”
He says there are tools available that help prevent APTs from gaining a foothold in the network. “Tools that filter email content for example. This would include Sender ID or Sender Policy Framework (SPF) that can be utilised to root out any spoofed emails. Email content can also be examined for any of the expected phishing signs, and for links and attachments, which can be isolated and analysed to uncover any malicious activity.”
Application white-listing is another useful solution, as it prevents users from running unauthorised software, including executables and scripts attached in emails. It can also be used to limit the types of attachments that are allowed, excluding any executable attachments for example. “This is not a silver bullet though. The most cunning threat actors have found ways to slip through these nets, for example, by sending a spreadsheet containing a malicious macro, or ones that take advantage of flaws in popular software,” Brown says.
Tools are not the only ways to prevent APTs, he adds. “I cannot stress enough how educating employees about social engineering and phishing is vital to their prevention. Make sure employees know not to click on links, open attachments or download files from untrusted sources. This includes opening emails from people they don’t know, and suspicious mails from people they appear to know.
“Also, advise against shopping on unsecured Web sites. The majority of incidents and compromises are a result of ignorance, oversight and thoughtlessness, and can be avoided with a little common sense.”
By using these and other tools available, organisations can lessen the attack surface and make it increasingly difficult for attackers to accomplish their ends. However, any hacker who wants to get in badly enough, will eventually succeed.
“Making your business a less attractive target by making it more expensive and time consuming to breach is key; it might make them look for lower hanging fruit,” Brown concludes.