Traditional Security Practices and Cyber Attacks – there has always been a cat-and-mouse race between security experts, or geeks, and cyber criminals. Every evolving cyber threat teaches the security geeks a new lesson. People have struggled to understand cyber threats and to assess the risks they pose to individuals and organizations. To date, many enterprises have invested millions of dollars to prevent cyber threats. However, advanced persistent threats and sophisticated hacking techniques compel security practitioners and organizations to think outside the box. Traditional security practices are no longer enough to protect IT infrastructure against evolving attack techniques. The truth is that many IT security products and tactics do not work as promoted, leaving us vulnerable to malicious code.
Traditional Cyber Security Methods and APTs:
APTs – Advanced Persistent Threats – compel organizations to replace traditional security methods with modern, advanced security practices. The days when security practitioners could rely on traditional practices like antivirus, firewalls, software patches, and password resets are gone: changing technology and the rise of APTs have bypassed signature-based protection mechanisms.
A Few Traditional Security Practices:
- Antivirus: Antivirus only scans your computers and systems; it cannot identify the thousands of new malware variants created by hackers. Security teams face new malware every day, and antivirus finds it difficult to detect and eliminate. Antivirus is not yet dead, but it needs further improvement.
- Firewall: A firewall is a network security system that monitors incoming and outgoing traffic. However, modern cyber attacks can bypass firewalls by targeting programs the firewall does not control. Even a next-generation firewall gives a feeble sense of security. The average firewall produces many warnings, and it is practically impossible for a firewall administrator to review all of them, so malware has a good chance of bypassing the firewall.
- Software Update: Software patches are nothing new. If you use a desktop or smartphone, you frequently receive patches labelled “bug fixed”. The question is: if the bug has been fixed, why are software developers continuously patching their software? It shows that patches alone cannot stop evolving cyber attacks and malware families. It is a never-ending battle.
- Insider Threat: Insider threat is a big concern for businesses, and BYOD is a potential risk for many organizations. According to Gartner Research, managing BYOD on the organization’s premises is necessary. Many employees and organizations are not clear about their BYOD policy and overlook it, which can be dangerous: it can open the door to malware intrusion into the organization’s systems.
- Password Change: Changing passwords at regular intervals cannot keep you safe from password theft. For example, if you have 10 online accounts with different passwords, it is difficult to remember each changed password every time. Hackers today gain admin access by tricking users into running a Trojan program on the system; then they harvest the passwords and reuse them.
- Intrusion Detection: An intrusion detection system logs hundreds of signatures, but this slows down the traffic it monitors, and every single event alert ends up being neglected, just like firewall logs.
According to a FireEye survey from 2013, out of a total of 39,504 cyber security incidents, 4,192 attacks were associated with APTs. The security firm also found that 17,995 malware infections emerged from APT attacks.
The connectedness of digital infrastructures has opened a way for hackers to reach web users. Whether a web user is browsing a website, using social media accounts, or doing any other online activity, all of it can be tracked easily thanks to that connectivity. Today, hackers study an organization’s security systems, personnel, and processes to find a weakness, and then develop a technique to exploit the network or server. Such techniques obviously require a lot of time spent on surveillance of the organization, but once cyber criminals find a weakness, it is a triumph for them.
Social engineering, spear phishing, SQL injection, and DDoS attacks are some of the major concerns for security professionals. APT attacks are stealthy and prolonged; unlike attacks aimed at immediate financial gain, they extract information from the targeted organizations over time. This type of attack has three major characteristics: stealthiness, adaptability, and persistence. APT attacks bring consequences such as damage to an organization’s reputation, financial loss, legal issues, loss of customer information, and loss of intellectual property. There are several reasons why APTs currently go unidentified, which are as follows.
Reasons for Unidentifiable Cyber Threats:
Many security nerds believe that the internet is a great place to commit crime: it offers information, connectivity, and rich targets. Evolving malicious actors, low-cost PC technology, and easily obtained malware have made cyber threat assessment difficult.
Attackers adopting similar attack patterns makes it nearly impossible to find a clue to their identity. Attack anonymity and lack of traceability leave less reliable evidence against hackers.
The internet is shared among citizens, diverse businesses, governments, and web users. In this shared environment, financial transactions, spying activities, and social communications are carried on daily. With a limited ability to analyze actors and activities, it is quite difficult to trace every single threat.
The consequences that emerge from attacks vary and are difficult to predict. For example, an APT attack, network scanning, or illegal system access can turn into a data breach, service disruption, or loss of network availability. On the other hand, once a DDoS attack or SQL injection is diagnosed, you can roll back the hackers’ changes and reinstate the system.
There are legal methods for dealing with bad actors, but they do not work well in this new technological environment.
Steps to Mitigate APTs Proactively:
- With ever-changing technology and evolving threats, security experts have to keep thinking about threat mitigation techniques that keep them alert to the latest threats.
- Make a strict BYOD policy and educate employees about social engineering techniques and proper conduct on social media sites. This will reduce outsider intrusion into the organization’s systems.
- Focus your advanced threat mitigation technology on new attack techniques, such as payload delivery methods that could bypass signature-based technologies. Use PAAM (Privileged Account Activity Management) so that admin privileges are granted only to authorized, selected people. This reduces the potential harm to enterprise systems.
- Enhance event detection and analysis: implement centralized log analysis and complex correlation with automated alerts.
- Organizations must have a rapid incident response capability to contain a malware infection in the unfortunate case that security controls fail.
- There is no magic trick to reduce APTs immediately; it requires passion and foresight about emerging threats. A defensive strategy must be applied across network, endpoint, and data security.
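As an added illustration of the two list items on privileged-account control and centralized log correlation (example code written for this edit, not from the original article or any product), the script below parses a constructed authentication log and raises automated alerts for two correlation rules: a run of failed logins followed by a success from the same source, and a privileged account used from a source not approved under the PAAM policy. The log format, hostnames, addresses, and the PAAM allow-list are all assumptions.

```python
# Constructed log format and addresses: assumptions for this example only.
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
PRIVILEGED = {"root", "domainadmin"}       # accounts covered by the PAAM policy
APPROVED_ADMIN_SRC = {"10.0.0.5"}          # only the jump host may use them

def parse(lines):
    """Turn raw lines into event dicts; lines that do not match are dropped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Rule 1: N failures then a success from one source inside the window.
    Rule 2: a privileged account used from a source not approved by PAAM."""
    alerts = []
    fails = defaultdict(list)   # src -> timestamps of failed logins
    for e in events:
        if e["result"] == "FAIL":
            fails[e["src"]].append(e["ts"])
            continue
        recent = [t for t in fails[e["src"]] if e["ts"] - t <= window]
        if len(recent) >= fail_threshold:
            alerts.append(("brute_force_then_success", e["src"], e["user"]))
        if e["user"] in PRIVILEGED and e["src"] not in APPROVED_ADMIN_SRC:
            alerts.append(("privileged_login_unapproved_source", e["src"], e["user"]))
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not a real capture
    "2013-06-01T10:00:00 web01 auth: FAIL user=alice src=203.0.113.7",
    "2013-06-01T10:00:20 web01 auth: FAIL user=alice src=203.0.113.7",
    "2013-06-01T10:00:40 web01 auth: FAIL user=alice src=203.0.113.7",
    "2013-06-01T10:01:00 web01 auth: OK user=alice src=203.0.113.7",
    "2013-06-01T10:02:00 db01 auth: OK user=root src=203.0.113.7",
    "2013-06-01T10:03:00 db01 auth: OK user=root src=10.0.0.5",
]
print(*correlate(parse(SAMPLE_LOG)), sep="\n")
```

In a real deployment the same rules would run inside the centralized log platform over every host's events, and each alert would feed the incident response process from the following list item.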