It's time to put before the IT-service a question, how
the company's infrastructure is secure, and the extent whom it is
prepared to respond to the actions of malefactors.
Nowadays, cyber attacks affect all industries without
exception. If a business or a government has a sensitive information it
is obviously that it will be interesting to third parties, such as
competitors or terrorists. It is easy to recall the sensational story of
industrial espionage Boeing according to the closest competitor Lockheed Martin
or Renault employees, who passed secrets to the Chinese side who to produce an
electric car.
Hidden threat
$ 30 billion annually are spending on remedies, but
97% of organizations still remain vulnerable to malicious exploits. We
conducted a survey of our customers whose IT-infrastructure under the
protection of a firewall or current anti-virus signatures. It was found that
67% of companies have learned about existing vulnerabilities from external
sources. But during 7 month they were in complete ignorance and believed that
were saved.
At the present rate of development of technologies
such terms can not be considered acceptable - they carry enormous risks for
organizations. Obviously, modern approaches to security are showing their
ineffectiveness. Most of them are focused on finding and prevention of known
types of threats, which, in turn, constantly changing. And in practice,
increasingly people are facing with unique of its kind targeted attacks.
You must not underestimate the capabilities,
experience and skills of hackers. Now they are not still enthusiastic amateur,
now they are well-organized professionals whose working day starts at 9
am and ends at 5 pm. Over 80% of attacks are targeted and personalized, correspondingly,
they are used only once to gain access to well-defined information system.
How they do this?
For unknown reasons to me the most dangerous day of
the week, when the probability of attacks is rising is Wednesday. Most of all,
a group of hackers use exploits (code snippets to gain control over the
system), sent by e-mail.
Recently, our experts in conjunction with Microsoft
discovered a critical vulnerability in the browser Internet Explorer - with the
help of a series of attacks, codenamed with Clandestine Fox (Translated from
English. - "Secret fox"). Particularly, the Chinese hackers used
Clandestine Fox to penetrate into the information system of the European
manufacturer. This exploit could freely pass through 55% of web browsers around
the world.
Our research had shown that modern antivirus is
ineffective in the fight against today's threats. None of the products of the
leading developers of six (McAfee, Microsoft, Sophos, Symantec, Trend Micro,
«Kaspersky Lab") found 25% of malware. If the number was reduced to four
anti-virus, the proportion of undetected malware increased to 62%. And this is
in large companies, which traditionally focuses on IT-security.
The best defense is an attack
We must to admit perfectly secure system is impossible
to build. This is a fundamentally different approach to IT-security - just in
time eBay has changed the principle of retail goods in the Internet or Netflix
reinterpreted the traditional formula of distribution of video content.
The key task now is cybersecurity of operational
identifying of the attack source and further actions to neutralize the threat.
In other words, is not it important to understand the technical point of where
and how appeared a leak of information , how many people were interested
in it and what goals they pursued. In the past 20 years the rate was more on
the equipment, but this one is not enough. To find non-trivial solutions often
is needed a powerful intellect and diverse experience.
Source :
forbes.ua
No comments:
Post a Comment