In a new Wall Street Journal CIO Journal article, information security experts James Holley and Jeff Spivey are warning organizations that they need to be prepared (and yet likely aren’t) for a full-scale targeted attack on their intellectual property, and that the very idea of prevention “should be removed from the cybersecurity dictionary”.
This bold call to cyber-arms comes as more and more malware and APT attacks penetrate outdated security controls that were designed to thwart the “hackers and novice script kiddies” of days gone by — not today’s highly sophisticated and well-funded nation-state actors, cyber criminals, hacktivists and other adversaries.
Such assaults include the 2012 Shamoon malware attack on Aramco, the Saudi Arabian national oil and natural gas company. The devastating attack, which was discovered and brought to the world’s attention by Seculert’s Advanced Threat Protection platform, destroyed data on about 30,000 of Aramco’s computers and servers – and has left a trail of financial destruction in its wake that is still being felt today, and will for years and possibly decades to come.
It’s this kind of targeted attack – and particularly its persistent nature (“they are not giving up and moving on to the next easy target”) — that Holley and Spivey say most organizations are woefully unprepared to handle (“traditional technology controls such as firewalls are not enough to equip your enterprise to respond to a potential attack”).
However, it’s not all doom and gloom. Although the experts concede that stopping 100% of attacks is a technical impossibility, there are ways for organizations to avoid becoming the next devastated victim.
To that end, they endorse 5 key pieces of awareness and advice from the new book “Responding to Targeted Cyberattacks” by Ernst & Young LLP professionals and distributed by ISACA:
APTs typically target people in order to get into the network, often through spear-phishing emails.
Today’s threats are a legitimate business problem – not just an IT problem.
Users must be educated and made aware, so they can be part of the solution.
Strategies that focus on prevention and reaction are no longer valid – what’s required are strategies that focus on detection and response.
Dealing with today’s malware and APTs requires: centralized log aggregation and correlation; forensic analysis across the enterprise; the ability to detect “indicators of compromise”; and the capacity to detect malicious code in memory.
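To make the last point concrete, here is an added example (not from the WSJ article, the ISACA book, or Seculert's product) of why centralized log aggregation and correlation matter for spotting a targeted attack. Three constructed log feeds (mail gateway, endpoint, DNS) are merged into one time-ordered stream, matched against a tiny indicator list, and then correlated per host so that the spear-phishing chain the book describes (malicious attachment delivered, executed, then calling out) surfaces as a single incident instead of three unrelated alerts. Every hostname, user, domain and hash below is a made-up placeholder, and the log formats are assumed for illustration.

```python
"""Added example: aggregate constructed logs from three sources, match
indicators of compromise, and correlate per host into one incident.
All hosts, users, domains and hashes are constructed placeholders."""
import re
from datetime import datetime, timedelta

# --- Constructed sample logs (assumed key=value format) -------------------
MAIL_LOG = """\
2013-03-04T09:12:01Z mailgw recipient=alice@example.test subject="Invoice attached" attachment=invoice.pdf.exe sha256=aaaa1111
2013-03-04T09:15:44Z mailgw recipient=bob@example.test subject="Team lunch" attachment=menu.pdf sha256=bbbb2222
"""
ENDPOINT_LOG = """\
2013-03-04T09:13:30Z host=WS-ALICE user=alice event=process_start image=invoice.pdf.exe sha256=aaaa1111
2013-03-04T10:02:10Z host=WS-BOB user=bob event=process_start image=outlook.exe sha256=cccc3333
"""
DNS_LOG = """\
2013-03-04T09:13:35Z host=WS-ALICE query=update.example-c2.test
2013-03-04T09:20:00Z host=WS-BOB query=www.example.test
"""

# --- Constructed indicator list (placeholders, not real IoCs) --------------
IOC_HASHES = {"aaaa1111"}
IOC_DOMAINS = {"update.example-c2.test"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line, source):
    """Normalise one log line into a dict: parsed timestamp, source, key=value fields."""
    ts_str, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    fields["source"] = source
    return fields


def aggregate(*sources):
    """Central aggregation: merge every (name, text) feed into one time-ordered event list."""
    events = []
    for name, text in sources:
        for line in text.splitlines():
            if line.strip():
                events.append(parse_line(line, name))
    return sorted(events, key=lambda e: e["ts"])


def match_iocs(events):
    """Return (event, indicator_type) pairs for every event carrying a known indicator."""
    hits = []
    for e in events:
        if e.get("sha256") in IOC_HASHES:
            hits.append((e, "hash"))
        if e.get("query") in IOC_DOMAINS:
            hits.append((e, "domain"))
    return hits


def correlate(events, window=timedelta(minutes=15)):
    """Per-host correlation: a flagged attachment delivered to a user, executed on that
    user's endpoint, followed by a DNS query to a flagged domain from the same host,
    all inside `window`. Each such chain becomes one incident record."""
    incidents = []
    for exe in events:
        if exe["source"] != "endpoint" or exe.get("sha256") not in IOC_HASHES:
            continue
        user, host = exe.get("user"), exe.get("host")
        delivered = [m for m in events
                     if m["source"] == "mail" and m.get("sha256") == exe["sha256"]
                     and m.get("recipient", "").split("@")[0] == user
                     and timedelta(0) <= exe["ts"] - m["ts"] <= window]
        beacons = [d for d in events
                   if d["source"] == "dns" and d.get("host") == host
                   and d.get("query") in IOC_DOMAINS
                   and timedelta(0) <= d["ts"] - exe["ts"] <= window]
        if delivered and beacons:
            incidents.append({
                "host": host, "user": user, "sha256": exe["sha256"],
                "delivered_at": delivered[0]["ts"], "executed_at": exe["ts"],
                "c2_domain": beacons[0]["query"],
            })
    return incidents


def all_events():
    """Convenience: the aggregated stream built from the constructed feeds."""
    return aggregate(("mail", MAIL_LOG), ("endpoint", ENDPOINT_LOG), ("dns", DNS_LOG))


if __name__ == "__main__":
    evs = all_events()
    for e, kind in match_iocs(evs):
        print(f"IoC hit ({kind}) from {e['source']}: {e}")
    for inc in correlate(evs):
        print("Correlated incident:", inc)
```

Each feed on its own only shows one stage (the mail gateway sees a suspicious attachment, the endpoint sees a process start, the resolver sees a lookup); only the aggregated view ties them to one host and one user within minutes, which is the detection-and-response posture the list above argues for.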