RSA, the security division of EMC, released a new report that takes an in-depth look at the seismic shift in the cyber threat landscape, as enterprises are increasingly targeted for corporate espionage and sabotage. The report, the latest in a series from the Security for Business Innovation Council (SBIC), asserts that for most organizations, it’s a matter of when, not if, they will be targeted by advanced threats.
In an environment where the focus shifts from the impossible task of preventing intrusion to the crucial task of preventing damage, the report includes instructive guidance from 16 global security leaders for confronting this new class of threat.
The SBIC is a group of the industry’s top security leaders from Global 1000 enterprises that discuss top-of-mind security concerns and how the application of information security can address those concerns and enable business innovation. The recent string of sophisticated cyber attacks – affecting pillars of industry and government – provides the backdrop for the latest report: When Advanced Persistent Threats Go Mainstream: Building Information-Security Strategies to Combat Escalating Threats.
Within this landscape, the report reveals that APTs – a menace once confined to the defense industrial base and government agencies – are now targeting a broad range of private sector organizations to nab valuable intellectual property, trade secrets, corporate plans, access to operations and other proprietary data.
“It is a very intelligent, well-armed, and effective foe that is fantastic at what they do,” said Roland Cloutier, vice president, Chief Security Officer, Automatic Data Processing, Inc. and member of the SBIC. “It’s going to take a new approach in most enterprises to combat it.”
Fundamental Change in Quality of Cyber Attacks
The term APT originated to describe cyber espionage in which a nation-state gains access to a network to, over long periods of time, extract national security data. Today the term APT has broadened as attackers expand their target lists and nation-states are no longer the only groups deploying these sophisticated techniques. Rather than gain entry through the network perimeter, today’s ambitious attackers prefer to target human vulnerabilities, exploiting end users through social engineering techniques and spear phishing.
“Cyber criminals have aggressively shifted their targets and tactics,” said Art Coviello, executive chairman, RSA, The Security Division of EMC. “In the never-ending war for control of the network, the battle must be fought on many different fronts. All organizations are part of the greater ecosystem of information exchange and it is everyone’s responsibility to build and protect that exchange.”
This latest report from the SBIC urges organizations to adopt a new security mindset, shifting the concept of success from preventing infiltration to detecting attacks and mitigating damage as quickly as possible. With this in mind, the Council offers seven defensive measures against escalating APT threats:
- Up-level intelligence gathering and analysis – Make intelligence the cornerstone of your strategy.
- Activate smart monitoring – Know what to look for and set up your security and network monitoring to look for it.
- Reclaim access control – Rein-in privileged user access.
- Get serious about effective user training – Train your user population to recognize social engineering and compel them to take individual responsibility for organizational security.
- Manage expectations of executive leadership – Ensure the C-level realizes the nature of combating APTs is fighting a digital arms race.
- Rearchitect IT – Move from flat to segregated networks so it’s harder for attackers to roam the network and find the crown jewels.
- Participate in intelligence exchange – Leverage knowledge from other organizations by sharing threat intelligence.
Keep up with the access control market
The physical access control market is moving fast. Find out where you stand with the latest edition of IFSEC Insider's comprehensive 2022 State of Physical Access Control trend report, covering all the latest developments within the market. We assess the current technology in use, upgrade plans and challenges, and major trends on the horizon after receiving the views of over 1000 security, facilities and IT professionals.
Get your copy for free today.
