Cyber attacks today are more complex and sophisticated than ever. They are specifically crafted to slip through the nets of even the most advanced defences, and organisations of all types and sizes are falling prey.
By Simon Campbell-Young, CEO of Intact Software
Moreover, signature-based defences cannot hope to protect against malware that is tailored for the specific purpose of breaching your organisation, and even if they could, threat actors are employing advanced social engineering techniques and other tactics to get a foot in the door.
The main reason traditional detection tools fail is that they are incomplete. Unfortunately, indicators are fleeting and can only provide data on a specific, retrospective point in time. They give only a glimpse – they do not provide a full picture. Evidence is needed to paint an accurate picture and give enough context to be able to foresee attacks in the future.
Similarly, perimeter controls such as firewalls and data leakage prevention (DLP) might act as the gatekeepers to the network, but they don’t have the ability to detect attacks that exploit a wide attack surface and use multiple steps to achieve their end, or ones that use phishing to gain access to legitimate credentials.
Another tool, security analytics, is able to highlight anomalous behaviours that might indicate an attack has happened or is in progress. The problem is that these algorithms are not well informed, as they have no knowledge of, or insight into, the cyber criminal’s behaviour.
Then there’s threat intelligence, which offers insights into the threat actor’s techniques and tactics, might even be able to recognise an attacker’s signature, and can make the connection that a specific criminal group is likely to be responsible for a certain attack. But can this information be integrated into detection tools effectively? No.
So what to do? The majority of businesses should ensure they have measures in place to fight the more common attacks, and should start bolstering their security posture in general, including improving security policies, configurations and procedures. If they can’t defend against common and pervasive malware, trying to fight APTs is like taking a knife to a gun fight. These scourges are around because they still work.
Focusing on APTs while ignoring phishing and watering hole attacks could ironically leave your business vulnerable to the very threat you are trying to avoid. Get the basics right, and then focus on other measures. Fighting APTs requires a layered approach; one that is a mixture of tools, practices and solutions.
Tightening up policies is also a must. Get the basics right, such as checking which of your users have admin rights and enforcing the principle of least privilege. Ask whether users can install unwanted software such as browser toolbars, and what policies you have around BYO, be it application or device.
The final step is to fight the human weakness. Educate your staff, and make sure everyone is invested in security outcomes. Moreover, rely more on your people. You have security experts in place because they know something you don’t. Trust them. Ultimately human expertise can make all the difference – cyber criminals are people too, and people are what will ultimately have the insight and know-how to fight them. Technology alone will likely fail, so invest in your people and keep their skills and knowledge up to date.