Page 29 - index
P. 29
The Evolving Security Threat Landscape
By Mike Stute, Masergy Chief Scientist
Companies are engaged in asymmetrical warfare with cyber criminals. Businesses spend
billions of dollars annually to implement the latest cybersecurity defenses, while groups of well
organize hackers can spend as little as $500 for malware kits and launch extended attacks. As
one chief information security officer recently noted, “We have to be lucky all of the time,
whereas our enemies only have to get lucky once to breach our defenses.”
There are certainly many types of threats that companies are contending with from hacktivists
and government-sponsored attacks to malicious hackers and disgruntled employees. But the
biggest threat comes from professional black hat hackers who work in loosely coupled groups.
Well-organized cybercriminals issue RFPs (request for proposal) for hackers with particular
specialties to put together complex malware attacks that infiltrate corporate defenses, lurk within
the corporate ecosystem collecting valuable information about how systems are architected,
and eventually exfiltrate valuable customer data and intellectual property that can be sold on the
black web, which is the black market of the online realm.
It is difficult for companies to stay ahead of these increasingly insidious attacks. Worldwide
spending on information security will reach $71 billion this year, according to the latest research
from Gartner, Inc. Cybercrime will continue to grow and cause corporate losses in the range of
$445 billion annually, according to a recent report published by the Center for Strategic and
International Studies, a Washington, D.C. policy think tank. “Cybercrime is a tax on innovation,”
the report notes and slows the pace of economic growth through the theft of intellectual property
and consumer financial information.
th
Unlike the world of 20 century organized crime, where the players were well known to law
st
enforcement officials and their activities were closely watched, 21 century cybercrime is
decentralized, with major players able to mask their identities, intent and actions. Teams of
hackers across the globe work in anonymity, constantly changing their tactics to evade the best
efforts of corporations and governments. Cybercriminals are able to react quickly to new
“business” opportunities and corporate system vulnerabilities.
Cybercriminals are taking advantage of all of the latest technologies that businesses employ
from commercially developed software to cloud compute resources. They also use the latest
encryption technology to mask the spyware they insert into corporate computing systems. This
software lies in wait, sometimes collecting information useful to hackers and can be
programmed to carry out an attack weeks, months or even years after being inserted. To remain
undetected, malware can be programmed to self-destruct after it has achieved its intent.
As we’re seen in many recent examples, it can take weeks and months for companies to detect
a breach, such as the example of U.S. retailer Home Depot, whose breach went undetected for
4 months.
A survey of IT security professionals published this year by the Ponemon Institute indicates that
most respondents do not think their existing security systems are sufficient to anticipate, identify
and reduce advanced threats. The report, “Exposing the Cybersecurity Cracks: A Global
29 Cyber Warnings E-Magazine – January 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
