Tag: APT

We Spend So Much On IT Security, Why Are We Still Vulnerable?

If you believe getting breached is inevitable, you’re right. Businesses that think it won’t happen to them are either living with their heads in the sand or just don’t understand the information security landscape today.

The battle lines are both external and internal as organized hackers and malicious or careless insiders continue to be a threat to your most sensitive data.

Organizations face a new set of challenges today that include advanced persistent threats (APT) that typically come from external sources.  APTs are able to bypass traditional perimeter security by working patiently over long periods of time to compromise defenses and to manipulate employees to click on familiar looking but malicious websites and emails. The battle is against an organized, professional ecosystem of cyber criminals, and outthinking them requires the best people and processes, not just security tools.

A quick look at the headlines shows that traditional IT security is not stopping data breaches.  Companies are spending billions of dollars on security, but it is not stopping the losses.  Here are a few recent examples:

Trustwave sued over failure to stop security breach

Up to 25,000 could be affected by laptop stolen from New West employee

TaxAct Acknowledges Data Breach

Data Breach At Arnett Healthcare Affects 30K Patients

Hyatt Reveals Data Breach Impacted About 250 Hotels

Attackers infiltrate corporate networks and discover vulnerable areas where confidential data is easiest to steal, which employees are most likely to handle such data, and how sensitive data moves inside and outside of the organization.  One approach to keep attackers under the radar is to copy a few sensitive files per day over a long period of time.  This may be normal for most organizations and doesn’t trip any alarms.

In the past it was sufficient to guard the organization’s perimeter with tools such as firewalls, intrusion detection/prevention systems and data loss prevention (DLP).  These techniques are no longer effective by themselves against APTs and insider threats.

The solution is to add data-centric security to complement traditional perimeter security. Data-centric security includes techniques that protect data as it travels within the organization and beyond, by limiting access to sensitive data through dynamic policies. It includes techniques for determining where sensitive data exists, monitoring that data, and analyzing the ways in which users copy, move, and access it over time. It incorporates identity management systems to correlate specific users with activity on sensitive data. By using these techniques continuously, organizations can not only prevent unauthorized activity automatically but also detect suspicious behavior patterns that suggest APTs and take action before it’s too late.

Data-centric security should allow users to work without interruptions as they pass information among multiple devices and between colleagues and business partners. A people-centric policy allows for flexibility and dynamic security enforcement based on content, users, devices, time of day, location, and so on.  This acknowledges the need for exceptions to predefined policies based on the dynamic nature of legitimate data creation and usage while relying on advanced analytics to catch excessive deviations from the norm.
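The "few sensitive files per day" pattern described above stays under any per-day threshold; the analytics the last two paragraphs call for have to look at a user's behaviour over time. The following is an added example, not code from the original post: it builds a per-user view of sensitive-file copies from constructed events (the event format, field names and thresholds are assumptions) and flags a user whose distinct sensitive files over a sliding window exceed a limit even though no single day looks unusual.

```python
"""Detecting low-and-slow copying of sensitive files.
Added example, not code from the original post; event format, field names
and thresholds are assumptions made for illustration."""
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample events: (day, user, action, path, label).
# alice copies two different sensitive files every day for twelve days;
# bob copies one sensitive file on two separate days.
SAMPLE_EVENTS = [
    (date(2015, 11, 1) + timedelta(days=i), "alice", "copy",
     f"/finance/report-{i * 2 + j}.xlsx", "sensitive")
    for i in range(12) for j in range(2)
] + [
    (date(2015, 11, 3), "bob", "copy", "/hr/payroll.csv", "sensitive"),
    (date(2015, 11, 9), "bob", "copy", "/hr/benefits.csv", "sensitive"),
    (date(2015, 11, 9), "bob", "read", "/hr/handbook.pdf", "public"),
]

def sensitive_copies_by_day(events):
    """Map user -> day -> set of distinct sensitive paths copied."""
    per_user = defaultdict(lambda: defaultdict(set))
    for day, user, action, path, label in events:
        if action == "copy" and label == "sensitive":
            per_user[user][day].add(path)
    return per_user

def peak_daily_count(events, user):
    """Largest number of sensitive files a user copied on any single day,
    which is all a per-day threshold would ever see."""
    per_day = sensitive_copies_by_day(events).get(user, {})
    return max((len(paths) for paths in per_day.values()), default=0)

def find_slow_exfil(events, window_days=30, max_distinct=10):
    """Flag a user once the distinct sensitive files copied inside any
    sliding window exceed max_distinct; returns [(user, start, count)]."""
    alerts = []
    for user, per_day in sensitive_copies_by_day(events).items():
        days = sorted(per_day)
        for i, start in enumerate(days):
            files = set()
            for day in days[i:]:
                if day >= start + timedelta(days=window_days):
                    break
                files |= per_day[day]
            if len(files) > max_distinct:
                alerts.append((user, start, len(files)))
                break
    return alerts
```

On the sample data alice never exceeds two files on any day, yet the 30-day window reaches 24 distinct sensitive files and raises an alert, while bob does not.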

Adding data-centric security helps close the gaps that external hackers and malicious or careless insiders exploit to compromise sensitive business data and affect your bottom line.  Incorporating these techniques into your current mix of physical and perimeter security will best protect your business and its information.


Photo credit Suriyan Soosay

Financial Crime Goes Big In 2015

Whether people claim that 2015 was the year of the data breach or not, it’s clear that we saw major data breaches in financial institutions through external attacks, insider threats or the exploitation of serious vulnerabilities in systems. Many incidents stemmed from a lack of IT security basics, such as disabling default passwords and accounts, or from simple implementation errors.

There were a number of incidents in financial institutions in 2015 that showcased how dangerous both external hackers and motivated or careless insiders can be.  As Fahmida Rashid says in her article on Innovative and Damaging Hacks in 2015, people intent on stealing data and money are becoming more sophisticated in their attacks.  Rather than just targeting consumer information, thieves are going after systems or data that are more lucrative.  The Carbanak advanced persistent threat (APT) attack against financial institutions around the world was a good example of targeting banks’ internal systems and operations that may have caused as much as $1 billion in losses.

There were also increases in phishing campaigns where attackers sent email that appeared to be legitimate asking for bank account information or to validate a transaction.  If the recipient blindly clicked on a link or provided information without validating authenticity, they could be out of a lot of money.

While external attackers still pose the biggest threat to financial organizations, 2015 showed insiders can cause damage as well.  Earlier this year, a former employee of Morgan Stanley pleaded guilty to stealing confidential data from more than 700,000 customer accounts while he was interviewing for a new job with two competitors.  External attackers target insiders who already have access to sensitive data. Encryption, dynamic security policies that travel with data, and robust multifactor authentication controls are some of the defenses financial institutions should consider to ensure that unauthorized individuals can’t read anything they shouldn’t be allowed to see.

It’s clear from looking at the attacks and breaches in 2015 that all the perimeter-based IT security implemented at financial organizations is not stopping the problem. Implementing the basics of security best practices is the first place to start. Next is to protect what people want to steal: data. Access to sensitive data is what criminals want, so they can sell it or use it to steal big from financial institutions and their customers.


Photo credit elhombredenegro
