Cyber attacks don’t have to look highly sophisticated. Hackers are purposely making them innocuous so that unsuspecting users will click without much immediate consequence. It’s a dangerous new way businesses and governments are being targeted, and security professionals are urging Canadians to get educated.
Among the more recent threats to emerge from the cyber threat landscape are advanced persistent threats. They occur when attackers deploy targeted hacks to steal information and often remain undetected in a network for some time gathering data.
Attacks have come a long way from the times of mass malware distribution. Nowadays, more than 50 percent of attacks are known as singletons, or attacks that are aimed at a few people or just one person. Persistent threats even target the commercial industry and government entities, in many cases singling out specific people based on their roles and responsibilities within those organizations.
With government targets, open source information and public records allow cyber criminals to research the heads of different agencies and departments and then design attacks that go right to the source. Hacking is a sophisticated process, and hackers are doing their market research and analysis to find how best to hit a target. For example, they could send an email that appears to be a legitimate communication, or one that looks to be from a close colleague the recipient trusts, when in fact it contains a malicious URL or attachment.
Advanced persistent threats were just one of the themes highlighted in Symantec’s annual Internet Security Threat Report. It found hackers are increasingly targeting people via social networks using shortened URLs to link to malicious content. During a three-month period in 2010, two-thirds of malicious links in news feeds observed by Symantec used shortened URLs.
The report also found more instances of third-party applications on Web-enabled mobile devices being malicious. Symantec documented 163 vulnerabilities in mobile device operating systems in 2010 compared to 115 in 2009.
Overall, threats are growing as criminals see the financial gains of data breaches. More than 286 million new threats were identified last year. In comparison, there were 240 million in 2009, a 100 percent increase over those found in 2008.
All governments face the same question: how do I protect against threats and resolve any security issues that may arise? Government agencies often face a couple of particular challenges. First, they tend to be more distributed and have less control of the overall enterprise. Second, there’s no one place for the Canadian government to manage, control and/or have broad situational awareness across the entire enterprise.
This is a challenge for governments globally. CIOs or CISOs in most large organizations have control, management and oversight, and can make corporate policy decisions and enforce them through technologies and best practices. However, while government CIOs and CISOs have accountability and oversight, they do not necessarily have all the budget control and governance responsibilities. They also don’t have the overall situational awareness of their IT environment to see their assets/information, assess the risk, and determine what steps to take to protect those assets/information.
Given the shortfall, it is key to find solutions to better protect organizations. The best way to stay ahead is to think of security from a holistic perspective by factoring in people, process and technology. Conducting a thorough assessment of your environment and keeping risk tolerance in mind can help you identify what needs to be protected and to what degree. Installing the most up-to-date security software like endpoint protection, data loss prevention and email encryption technology can also help safeguard information.
Cyber criminals have forced security companies to rethink their approach and shift to technologies that can better protect organizations against specific threats. Symantec recently developed a reputation-based approach to security that augments traditional signature-based approaches. Reputation-based security looks at every file, object and executable that resides on an endpoint that is protected by Symantec, whether it’s good, bad or unknown, and lets the user know that file’s history, allowing them to make a decision on whether it can be trusted.
Tiffany Jones is the director of Public Sector Strategy and Programs for Symantec.
Symantec blocks more than three billion threats each year and gathers intelligence on how to do that from its Global Intelligence Network. The network has more than 240,000 sensors in more than 200 countries, tracking more than 40,000 vulnerabilities and 8 billion email spam and phishing messages each day.