Security
May 7, 2012

Cyber attack: Why you might be a target

Cyber attacks don’t have to look highly sophisticated. Hackers are purposely making them innocuous so that unsuspecting users will click without much immediate consequence. It’s a dangerous new way businesses and governments are being targeted, and security professionals are urging Canadians to get educated.

Among the more recent threats to emerge from the cyber threat landscape are advanced persistent threats. They occur when attackers deploy targeted hacks to steal information and often remain undetected in a network for some time gathering data.

Attacks have come a long way from the times of mass malware distribution. Nowadays, more than 50 percent of attacks are known as singletons, or attacks that are aimed at a few people or just one person. Persistent threats even target the commercial industry and government entities, in many cases specific people based on their roles and responsibilities within those organizations.

With government targets, open source information and public records allow cyber criminals to research the heads of different agencies and departments and then design attacks that go right to the source. Hacking is a sophisticated process and hackers are doing their market research and analysis to find how best to hit a target. For example, they could send an email that appears to be a legitimate communication or a communication that looks to be from a close colleague that they trust, when in fact it’s actually a malicious URL or attachment.

Advanced persistent threats were just one of the themes highlighted in Symantec’s annual Internet Security Threat Report. It found hackers are increasingly targeting people via social networks using shortened URLs to link to malicious content. During a three-month period in 2010, two-thirds of malicious links in news feeds observed by Symantec used shortened URLs.

The report also found more instances of third-party applications on Web-enabled mobile devices being malicious. Symantec documented 163 vulnerabilities in mobile device operating systems in 2010 compared to 115 in 2009.

Overall, threats are growing as criminals see the financial gains of data breaches. More than 286 million new threats were identified last year. In comparison, there were 240 million in 2009, a 100 percent increase over those found in 2008.

All governments face the same question: how do I protect against threats and resolve any security issues that may arise? Government agencies often face a couple of particular challenges. First, they tend to be more distributed and have less control of the overall enterprise. Second, there’s no one place for the Canadian government to manage, control and/or have broad situational awareness across the entire enterprise.

This is a challenge for governments globally. CIOs or CISOs in most large organizations have control, management and oversight, and can make corporate policy decisions and enforce them though technologies and best practices. However, while government CIOs and CISOs have accountability and oversight, they do not necessarily have all the budget control and governance responsibilities. They also don’t have the overall situational awareness of their IT environment to see their assets/information, assess the risk, and determine what steps to take to protect those assets/information.

Given the shortfall, it is key to find solutions to better protect organizations. The best way to stay ahead is to think of security from a holistic perspective by factoring in people, process and technology. Conducting a thorough assessment of your environment and keeping risk tolerance in mind can help you identify what needs to be protected and to what degree. Installing the most up-to-date security software like endpoint protection, data loss prevention and email encryption technology can also help safeguard information.

Cyber criminals have forced security companies to rethink and re-shift to technologies that can better protect organizations against specific threats. Symantec recently developed a reputation-based approach to security that augments traditional signature-based approaches. Reputation-based security looks at every file, object and executable that resides on an endpoint that is protected by Symantec, whether it’s good, bad or unknown, and lets the user know that file’s history, allowing them to make a decision on whether it can be trusted.

Tiffany Jones is the director of Public Sector Strategy and Programs for Symantec.

SIDEBAR
Symantec blocks more than three billion threats each year and gathers intelligence on how to do that from its Global Intelligence Network. The network has more than 240,000 sensors in more than 200 countries, tracking more than 40,000 vulnerabilities and 8 billion email spam and phishing messages each day.

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Security
 
Governments around the world are increasingly relying on cloud-based IT services...
 
For a few years now, there’s been a throwaway metaphor bounced...
 
According to a 2018 study led by Dr. Michael McGuire, Senior...
 
Cloud technology is a game changer! Successful implementation in both the...
 
For over two days at the end of January this year,...
 
Earlier this month I had the privilege of testifying as an...
 
Canadian Government Executive Media, (CGE) publisher of Canadian Government Executive magazine...
 
In the last few years, we’ve seen various federal governments warning...
 
Canadian Government Executive is excited to announce the agenda for TechGov...
 
In the wake of the WannaCry outbreak, corporate executives, IT professionals,...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
Cybersecurity professionals have sounded the alarm for years, and they are...
 
CBC deserves full credit for exposing the presence of IMSI catchers...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Over the decades, technology has been grafted into governments around the...
 
In this episode, J. Richard Jones talks about being candid about...
 
Criminals have reportedly threatened to take over 250 million Apple accounts...
 
In this episode, hear more about how Canada is a prime...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
In the world that we are living in today, free and...
 
The RCMP adopted a new media strategy earlier this month by...
 
What would tomorrow’s cybersecurity look like? That’s an intriguing question to...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Just as the federal government has begun consultations on cyber security,...
 
Efforts by the government to counter the radicalization of young Canadians...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
Global market trends are accelerating to increase the pressure on commercial...
 
A recent report suggests several strategies how governments and the private...
 
The latest information from IBM Cloud covers: Consolidating Complex Environments Consolidating...
 
IBM Cloud is the first cloud provider to use Intel TXT...
 
Signaling a realignment of Canada’s involvement with NATO, Prime Minister Justin...
 
United States President Barack Obama, speaking before Parliament last night, urged...
 
Yes, according to the former head of the Canadian Security Intelligence...
 
Early this morning, Philippine police confirmed that the severed head found...
 
The challenge is clear: a fast-paced industry pressures organizations to simultaneously...
 
As populations grow and age, the demand for services increases. As...
 
The agency responsible for safeguarding the Pentagon and several other buildings...
 
By Michael Murphy Not all assets can and should be equally...
 
Government agencies, international businesses, as well as, European organizations that comply...
 
The Royal Canadian Mounted Police (RCMP) is poised to launch an...
 
One of Canada’s largest integrated oil companies said it is not...
 
Associates of Russian President Vladimir Putin, the king of Saudi Arabia,...
 
Now more than ever, organizations in both the public and private...
 
The Federal Bureau of Investigation announced that it has managed to...
 
IT organizations, especially those in healthcare facilities and government institutions that...
 
Last year, the Canada Revenue Agency rolled out a pilot program...
 
Strong cryptography is clearly required to protect sensitive government, business, and...
 
As the battle between the FBI and Apple continues to escalate,...
 
“I don’t think that backdoors into encryption is going to increase...
 
Hackers are zeroing in on users of SSL/TLS encryption and no...
 
Meet Bob Heart.  He is an outstanding employee who works hard...
 
The CEO of Google Sundar Pichai has come out in support...
 
A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from...
 
Application, operating system, and device logs contain essential security information, but...
 
Yesterday, Ontario Supreme Court Justice John Sproat ruled that the Peel...
 
I wrote about accountability more than a year ago. Recently, a...
 
Intelligence agencies have had widespread and long-running programs to gather, analyze...
 
What concerns me is whether or not we’ve got the balance...
 
One of the consequences of the Information Age in which we...
 
In March of 2011, the east coast of Japan was rocked...
 
BYOD is hot! But is it for you? If yes, which...
 
Protecting critical infrastructure from cyber threats is the shared responsibility of...
 
In numerous interviews with senior military commanders over the past several...
 
In early February, James R. Clapper, the U.S. director of national...
 
The widespread adoption of mobile devices as enterprise-level tools is occurring...
 
CGE Vol.13 No.2 February 2007 Public security, once a task relegated...
 
CGE Vol. 14 No.4 April 2008 In recent years, policy makers...
 
The changing face of public and personal privacy in the face...
 
The announcement regarding the establishment of Shared Services Canada (SSC) was...
 
What role should governments and public servants play in safeguarding personal...
 
L’univers de la sécurité des TI évolue rapidement. À mesure que...
 
The world of IT security is rapidly evolving. As quickly as...
 
There was probably a day in spring of AD 72 that...
 
Cyber attacks don’t have to look highly sophisticated. Hackers are purposely...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Governments around the world are increasingly relying on cloud-based IT services...