Changes in cybercrime and the channel role

There's a greater need for education around complex emerging threats, argues Alex Teh

While traditional malware attacks and security breaches still happen regularly, targeted and more sophisticated attacks are a growing concern. Stuxnet, cyber warfare and espionage may sound like science fiction but are, in fact, now reality.

Several incidents have involved large companies, government contractors and financial institutions, including Citigroup and Google. This has drawn attention to a new type of heist: the advanced persistent threat (APT).

Such threats have been breaching organisations' conventional defence architectures, such as firewalls and anti-virus software, to target intellectual property. These increasingly pervasive attacks demonstrate that even multinational organisations are susceptible to threats that can evade detection by traditional defences.

Resellers must respond to these changes, in my view.

I believe that there is a need to also consider the ramifications of direct targeted attacks. 'Hacktivist' group LulzSec recently targeted specific organisations including SOCA, Sony and Nintendo, looking for vulnerabilities and flaws in the network, which can then be exploited.

Customers need to understand the threats and where and why they may be vulnerable. I believe they are looking to the channel for education and advice on how to protect their organisation and their data.

Simple defence solutions and strategies will go a long way against APTs, but are no longer enough. Businesses need full security assessments ensuring all their defences are in place and working.

APTs exploit known and unknown vulnerabilities and tend to propagate using a number of different infiltration techniques. Individually, these techniques are all well-known and easy to defend against as long as businesses are advised of the critical processes required and have the right vulnerability management systems.

And let's not forget the need to regularly update security patches.

APTs are designed to circumvent signature-based products. So organisations need to look at technologies with real-time code analysis. Logging and monitoring capabilities that detect anomalous data traffic and activity will work well but only in conjunction with a layered security process.

Construct an adaptable solution-based strategy for protection against current and emerging threats based on a thorough risk assessment, along with the expert advice necessary for implementation.

Protecting confidential and proprietary information is a challenge. We need to help organisations tighten their existing security and risk management programmes and fill in any blanks.

This will be done, in part, by ensuring we stay ahead of emerging threats and keep up with new solutions being marketed. By increasing our support and knowledge of the industry we can advise end users and proactively address their security concerns.

Adaptable products and solutions with add-on or plug-in capabilities exist. But building awareness is a necessary step in the fight against APTs.

Alex Teh is commercial director at Vigil Software