20 апреля 2016 г.
The year 2014 went down in history as 'the year of the data breach', but perhaps the tech writers were a little quick on the draw there. As 2015 draws to a close, it looks to have matched, or perhaps surpassed, its predecessor in terms of the number and severity of attacks. Clearly, whatever cyber security is in place isn't working.
One problem that keeps rearing its ugly head is a complete lack of understanding of what it takes to be secure and a complete unwillingness to take responsibility for security. Report after report highlights the security flaws evident where breaches occurred. It's time to get serious about data breaches and to rethink what it takes to consider systems secure.
Today's Threats are Different
Hackers today aren't limited to the lone wolves hiding in suburban basements. Today's hackers are often backed by deep pockets like governments, corporate sponsors, and activist groups like those against capitalism and in support of the environment.
Today's cyber universe isn't just marked by more threats, it is marked by better, more sophisticated attackers, better methods and means for attack, more persistent attacks, and more ambitious attacks. There are several reasons for this. First, hackers of yesterday were primarily solo attackers, most of whom simply wanted to know they could breach a system. It was a matter of bragging rights to say that they hacked a government agency or a huge bank.
The hackers of today aren't youngsters in their moms' basements trying to score bragging rights. These hackers are well-supported and well-funded, and fall more squarely into the category of 'terrorists' than 'pranksters'. Many hackers are backed by governments (China, North Korea, and Russia are all active participants in cyber-terrorism). Reasons behind these government-backed attacks range from cyber warfare to simply wanting to see what kinds of defense are in place. Governments aren't the only ones stooping to cyber terrorism, either. Lots of hackers are backed by corporate interests for the purpose of corporate espionage, and some are motivated by greed (identity thieves). Hactivism is also on the rise, as groups ranging from environmentalists to those raging against 'corporate greed' take to the Internet to press their points against the agencies they deem unrighteous.
Attention Isn't Even Going to the Biggest Threats
Still, though the number, severity, and sophistication of today's attacks continue to grow, CIOs, CTOs, and CSOs just aren't taking the right precautions to prevent such attacks. For example, though 57 percent of respondents to a recent poll said that 'sophisticated, targeted attacks' are their biggest worries, followed by social engineering (46 percent) and accidental leaks by users (21 percent), their security measures didn't reflect these concerns at all. In fact, they spent the most time and resources addressing the vulnerabilities of their homegrown software (35 percent) and plugging security holes in proprietary software (33 percent). The Sony breach, for instance, was a case of gross negligence on the part of their IT department. Similarly, most of the hacks against the U.S. government this year could have been prevented with even the basic security measures.
A New Ground-Up, Multi-Tiered Approach to Network Monitoring
Persistent, sophisticated attacks call for multiple layers of security, including both parameter security and continual monitoring, backed by a solid incident response plan.
So, what does it take to say that you've got good security today? How can you avoid becoming the next Target or Home Depot or Office of Personnel Management? It requires rethinking security. Security can no longer be an add-on to the software you build or buy; it has to be a primary feature from the ground up. But in addition to application security, it takes a robust, multi-tiered approach, including both perimeter protection and active monitoring.
By all means, keep using the next-gen firewalls, antivirus, and anti-malware software, and make sure these are kept up to date. Add to this monitoring at the user level, software level, and network level. To support your network monitoring, organizations need to develop, perfect, and practice incident response and forensics so that attacks can be halted and investigated immediately. Only with this ground-up, multi-level approach can you assure your systems are tightly secure in the Age of the Cyber Security Breach.
Ready to learn even more about today's security concerns? Accept this free Digital and IT Transformation Research Summary as your gift from NETSCOUT.