Cyber attack: Why you might be a target – Canadian Government Executive

NEWS

SEARCH

Security
May 7, 2012

Cyber attack: Why you might be a target

Cyber attacks don’t have to look highly sophisticated. Hackers are purposely making them innocuous so that unsuspecting users will click without much immediate consequence. It’s a dangerous new way businesses and governments are being targeted, and security professionals are urging Canadians to get educated.

Among the more recent threats to emerge from the cyber threat landscape are advanced persistent threats. They occur when attackers deploy targeted hacks to steal information and often remain undetected in a network for some time gathering data.

Attacks have come a long way from the times of mass malware distribution. Nowadays, more than 50 percent of attacks are known as singletons, or attacks that are aimed at a few people or just one person. Persistent threats even target the commercial industry and government entities, in many cases specific people based on their roles and responsibilities within those organizations.

With government targets, open source information and public records allow cyber criminals to research the heads of different agencies and departments and then design attacks that go right to the source. Hacking is a sophisticated process and hackers are doing their market research and analysis to find how best to hit a target. For example, they could send an email that appears to be a legitimate communication or a communication that looks to be from a close colleague that they trust, when in fact it’s actually a malicious URL or attachment.

Advanced persistent threats were just one of the themes highlighted in Symantec’s annual Internet Security Threat Report. It found hackers are increasingly targeting people via social networks using shortened URLs to link to malicious content. During a three-month period in 2010, two-thirds of malicious links in news feeds observed by Symantec used shortened URLs.

The report also found more instances of third-party applications on Web-enabled mobile devices being malicious. Symantec documented 163 vulnerabilities in mobile device operating systems in 2010 compared to 115 in 2009.

Overall, threats are growing as criminals see the financial gains of data breaches. More than 286 million new threats were identified last year. In comparison, there were 240 million in 2009, a 100 percent increase over those found in 2008.

All governments face the same question: how do I protect against threats and resolve any security issues that may arise? Government agencies often face a couple of particular challenges. First, they tend to be more distributed and have less control of the overall enterprise. Second, there’s no one place for the Canadian government to manage, control and/or have broad situational awareness across the entire enterprise.

This is a challenge for governments globally. CIOs or CISOs in most large organizations have control, management and oversight, and can make corporate policy decisions and enforce them though technologies and best practices. However, while government CIOs and CISOs have accountability and oversight, they do not necessarily have all the budget control and governance responsibilities. They also don’t have the overall situational awareness of their IT environment to see their assets/information, assess the risk, and determine what steps to take to protect those assets/information.

Given the shortfall, it is key to find solutions to better protect organizations. The best way to stay ahead is to think of security from a holistic perspective by factoring in people, process and technology. Conducting a thorough assessment of your environment and keeping risk tolerance in mind can help you identify what needs to be protected and to what degree. Installing the most up-to-date security software like endpoint protection, data loss prevention and email encryption technology can also help safeguard information.

Cyber criminals have forced security companies to rethink and re-shift to technologies that can better protect organizations against specific threats. Symantec recently developed a reputation-based approach to security that augments traditional signature-based approaches. Reputation-based security looks at every file, object and executable that resides on an endpoint that is protected by Symantec, whether it’s good, bad or unknown, and lets the user know that file’s history, allowing them to make a decision on whether it can be trusted.

Tiffany Jones is the director of Public Sector Strategy and Programs for Symantec.

SIDEBAR
Symantec blocks more than three billion threats each year and gathers intelligence on how to do that from its Global Intelligence Network. The network has more than 240,000 sensors in more than 200 countries, tracking more than 40,000 vulnerabilities and 8 billion email spam and phishing messages each day.

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Security
 
CBC deserves full credit for exposing the presence of IMSI catchers...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Over the decades, technology has been grafted into governments around the...
 
In this episode, J. Richard Jones talks about being candid about...
 
Criminals have reportedly threatened to take over 250 million Apple accounts...
 
In this episode, hear more about how Canada is a prime...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
In the world that we are living in today, free and...
 
The RCMP adopted a new media strategy earlier this month by...
 
What would tomorrow’s cybersecurity look like? That’s an intriguing question to...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Just as the federal government has begun consultations on cyber security,...
 
Efforts by the government to counter the radicalization of young Canadians...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
The challenge is clear: a fast-paced industry pressures organizations to simultaneously...
 
As populations grow and age, the demand for services increases. As...
 
By Michael Murphy Not all assets can and should be equally...
 
Please to view this Content. (Not a member? Join Today! )...
 
Now more than ever, organizations in both the public and private...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
As the battle between the FBI and Apple continues to escalate,...
 
Please to view this Content. (Not a member? Join Today! )...
 
Meet Bob Heart.  He is an outstanding employee who works hard...
 
A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Yesterday, Ontario Supreme Court Justice John Sproat ruled that the Peel...
 
I wrote about accountability more than a year ago. Recently, a...
 
Intelligence agencies have had widespread and long-running programs to gather, analyze...
 
What concerns me is whether or not we’ve got the balance...
 
One of the consequences of the Information Age in which we...
 
In March of 2011, the east coast of Japan was rocked...
 
BYOD is hot! But is it for you? If yes, which...
 
Protecting critical infrastructure from cyber threats is the shared responsibility of...
 
In numerous interviews with senior military commanders over the past several...
 
In early February, James R. Clapper, the U.S. director of national...
 
The widespread adoption of mobile devices as enterprise-level tools is occurring...
 
CGE Vol.13 No.2 February 2007 Public security, once a task relegated...
 
CGE Vol. 14 No.4 April 2008 In recent years, policy makers...
 
L’univers de la sécurité des TI évolue rapidement. À mesure que...
 
The world of IT security is rapidly evolving. As quickly as...
 
Cyber attacks don’t have to look highly sophisticated. Hackers are purposely...
 
The announcement regarding the establishment of Shared Services Canada (SSC) was...
 
There was probably a day in spring of AD 72 that...
 
The changing face of public and personal privacy in the face...
 
What role should governments and public servants play in safeguarding personal...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
CBC deserves full credit for exposing the presence of IMSI catchers...

Member Login

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.