Time to pay attention to targeted attacks
The channel should sit up and take more notice of the advancing threat landscape, warns Tim Ayling
Targeted attacks and advanced persistent threats (APTs) have dominated most of the discourse in the info-security world for the past 12 months or more.
Everywhere you go vendors and pundits are talking about these covert, information-harvesting attacks – but away from the glitzy cybersecurity shows and the TV studios, there is a deafening silence on the subject in the channel.
Let's be clear about one thing: these attacks are on the rise.
A Quocirca report earlier this year suggested that many businesses have undetected malware on their systems. This can be a tell-tale sign of a targeted attack.
Rarely a month goes by without revelations of another large-scale, sophisticated campaign. Recent attacks include Naikon, an Asia-wide attack targeting governments, media, oil and gas, telecommunications and other firms.
They are hard to protect against, using social engineering techniques to infect user machines, and difficult to spot, often lying hidden on victim networks for months or even years while quietly exfiltrating data.
So why no great fuss in the channel? Well, large companies – oil conglomerates, multinational enterprises and so on – are taking note and rightly looking at ways to protect themselves.
However, the channel is dominated by the mid-market, and as yet most of these smaller businesses do not see themselves as a target.
The perception is that such attacks are still the preserve of state-sponsored hackers or big-money corporate espionage attackers, but that is changing.
As with any cutting-edge phenomenon, what starts off happening to the few often eventually trickles down to the mass market.
It happened with banking Trojans such as Zeus, it happened to an extent with polymorphic malware, and it is happening now with APTs and targeted attacks, as the tools and knowhow to carry out such attacks become more available.
Cybercriminals are not stupid. They will go where the money is. Right now in the UK, SMBs account for about half of the private sector's workforce and turnover.
SMBs can also be stepping stones to infiltration of larger businesses, that are perhaps partners of the smaller organisation.
Customers are generally unaware, and channel partners are not as clued up as they should be.
There is certainly a market for it – not least because only a minority of businesses, I have read, believe they have the technology to fight APTs.
Europe's new data protection rules will come into force next year, with strict new stipulations regarding data breach notification and penalties for non-compliance.
No firm, big or small, can ignore its responsibilities to keep customer data and intellectual property as secure as possible.
Tim Ayling is UK channel director at Trend Micro