Opportunity knocks in targeted attacks

Defending organisations from the rise in targeted attacks is a genuine reseller opportunity, reports Bob Tarzey

Over the years cybercriminals have honed the techniques they use to attack businesses. They have moved on from largely random attacks that rely on sheer volume to take in a few gullible individuals, to targeting specific organisations and the individuals within.

The techniques developed have attracted a newer type of attacker, the hacktivist, who bears a grudge against a particular organisation. Added to this poisonous mix is some very sophisticated malware that nation states have developed to attack each other, which has been repurposed by the broader community of hackers.

This is a problem for businesses, but an opportunity for resellers. Our latest research explains why traditional IT security measures, such as anti-virus, firewalls and intrusion prevention systems, are not enough to defend against such targeted attacks; more advanced defences are needed.

While few plan to abandon the old defences, the need for new ones is recognised and the budget is being made available. Many of the maintenance contracts for existing IT security products will remain, but there is also a willingness to invest in new products and related services.

Quocirca's new report for Trend Micro, The Trouble Heading for Your Business, looks at how common certain types of attack are, which industry sectors are being hit the hardest and what defences are available - all information that should prove useful to resellers that need to overhaul their security offerings.

Chart: Which best describes your organisation's view of targeted attacks?

All charts © copyright Quocirca 2013

Seventy-five per cent of organisations say they are concerned about targeted attacks; most of the rest lack awareness, but few dismiss the problem as exaggerated. This awareness will be partly down to the reporting of such attacks in the IT, business and popular press, but it is also because all too many organisations have actually been victims, often to a significant extent.

The likelihood of having been hit is highest in sectors with valuable intellectual property or lots of regulated or personal data; pharmaceutical firms, public sector bodies, manufacturers and financial services organisations top the list.

The most likely impact is the loss of regulated financial data, such as payment card details, followed by lost business. The latter may be a hacker goal, or a byproduct of system disruption.

Many attacks remain unreported by the media.

Vectors for perpetrating targeted attacks include those that aim to dupe individuals directly, such as spear phishing or targeted emails, and social engineering that invokes spurious contacts via Facebook or similar. Most involve some sort of tailored, zero-day malware, often exploiting unpatched or unknown app and system vulnerabilities.

Most organisations have discovered malware running on their networks of which they were not previously aware. Clearly, traditional security measures, which almost all organisations have, are failing at some level.

Thirty per cent of businesses with fewer than 5,000 employees say they have deployed some sort of technology - such as deep packet inspection of network traffic, application white-listing, the use of sandboxes, heuristics, or advanced correlation technology - to specifically defend against targeted attacks. Thirteen per cent say they are evaluating such technology. More need to do so.

Chart: Which of the following affected your business after an attack?

Resellers will benefit from new revenue streams gained through adding the defences against targeted attacks to their portfolios; so will their customers.

Bob Tarzey is an analyst at Quocirca