Layer Seven Security

M-Trends, Verizon DBIR & Symantec ISTR: Detecting and responding to cyber attacks has never been more important

The release of three of the most important annual threat intelligence reports earlier this month confirmed that 2013 was an explosive year for cybersecurity. All three reports point to rising incidences of cyber attack, increasing sophistication of attack vectors and a growing diversity of threat actors and targets.

The first of the reports is entitled M-Trends, compiled by the security forensics company Mandiant, now owned by FireEye. M-Trends is based on the analysis of incident response data from organisations across 30 industries. While the analysis detected a slight improvement in the average number of days taken by organisations to detect a network breach, there was no discernible improvement in the ability of organisations to detect breaches without outside assistance. Only 33 percent of breaches are discovered by internal resources.

The analysis also revealed that cybercriminals are deploying a wider variety of attack methodologies against targets. Traditional approaches involve the detection and exploitation of vulnerabilities in Web applications, which enable attackers to move laterally through connected systems after a successful compromise. According to M-Trends, attackers are shifting focus from Web applications to exploiting workstations and other systems infected with botnets and Trojans. These tools are designed to create backdoors for the installation and propagation of more powerful forms of malware designed to seek out and extract sensitive data.

The report notes that sensitive data goes beyond proprietary intellectual property. State-sponsored attackers target a wide variety of information sources to understand how businesses work including emails, procedural and workflow documents, plans, budgets, organisational charts, and meeting agendas and minutes.

M-Trends concludes that the list of potential targets has increased, and the playing field has grown. Threat actors are not only interested in seizing the corporate crown jewels, but are also looking for ways to publicize their views, cause physical destruction, and influence decision makers.

The second report is also the most long-standing and well-known. The Verizon Data Breach Investigations Report (DBIR) is now in its eighth year and includes contributions from organisations such as the U.S. Secret Service, US-CERT, Europol and the Council on Cyber Security. The 2014 DBIR analyzed over 1,300 confirmed data breaches and 63,000 security incidents in 95 countries.

The highest number of security incidents analyzed by the DBIR affected organizations in the financial, retail and public sectors. This is unsurprising, since such organizations tend to store or process financial and other sensitive information. However, the DBIR did not observe any industry that was not impacted by security incidents that led to confirmed data losses. This underscores the DBIR finding that “everyone is vulnerable to some type of event. Even if you think your organization is at low risk for external attacks, there remains the possibility of insider misuse and errors that harm systems and expose data.” To illustrate, 30 percent of security incidents impacting manufacturing companies can be classified as acts of cyber espionage. In comparison, less than 1 percent of incidents in public sector organisations are caused by cyber espionage. However, public sector organisations experience three times as many incidents of insider abuse as manufacturing companies.

The third and final threat intelligence report released in April was Symantec’s Internet Security Threat Report, which revealed a 62 percent year-on-year increase in data breaches, with 8 breaches exposing more than 10 million identities each. According to the report, the industries most at risk of a targeted attack are mining, government and manufacturing. The likelihood that organisations in such industries will experience an attack is 1 in 2.7, 1 in 3.1 and 1 in 3.2 respectively.

The report also revealed that there were more zero-day vulnerabilities in 2013 than in any other year on record. The number of zero-day vulnerabilities discovered last year was 61 percent higher than the year before and more than the previous two years combined.

The report recommends multiple and mutually-supportive defense-in-depth strategies to guard against single-point failures. It also recommends continuous monitoring and automatic alerting for intrusion attempts, as well as aggressive updating and patching. These recommendations are echoed by both M-Trends and the DBIR. According to the former, organisations require “visibility into their networks, endpoints and logs.” Organisations also need actionable threat intelligence that identifies malicious activity faster.

Layer Seven Security enables SAP customers to meet this challenge by hardening every component of the SAP technology stack for defense in depth, including the underlying networks, databases and operating systems. We also configure comprehensive network, system, table and user logs to enable organisations to track, identify and respond to cyber attacks. Finally, we unlock standard, powerful security monitoring mechanisms in SAP Solution Manager to automatically detect and alert on potential malicious activity.

Trustwave Survey Reveals that IT Professionals are Feeling the Pressure of Board Level Scrutiny over Cyber Security

The rise in the rate and sophistication of cyber attacks has predictably fuelled the pressure on security resources. However, the precise complexion and source of the pressure was largely unknown until the recent release of the Trustwave Security Pressures study. The study examines the threats most concerning to security professionals and the preferred responses.

The results of the study are based on survey responses from over 800 decision makers in the US, UK, Canada, and Germany, including CIOs, CISOs, and IT Directors/Managers. Almost 60 percent of respondents were IT/Security Directors or higher and 75 percent represented organisations in North America.

Over 50 percent of IT professionals experienced more security-related pressures in 2013 than the year before and almost 60 percent expect the pressure to grow in 2014. The source of the greatest pressure is the threat of external attack through targeted malware. The threat of data loss arising from a successful network and system breach also ranked highly as a stressor. Only 5 percent of respondents believe their organisations are not susceptible to attack.

The study revealed that owners, boards of directors and C-level executives exert the most pressure on IT professionals. This reflects the high visibility and growing board-level presence of security concerns. Cyber risk is a common and recurring subject on board agendas. According to Trustwave, executives and board members are increasingly demanding a deeper explanation from IT professionals on security postures and often display a lack of confidence in IT risk management strategies. This wariness stems partly from the seeming inability of conventional security products and solutions to stem the tide of cyber attack and data loss.

The study also revealed that respondents struggle with the complexity of security solutions, shortages in dedicated resources, and controlling capital and operational budgets.

The study recommends a number of specific actions to relieve the pressure. The first involves accepting the growing level of scrutiny from boards and other sources over security practices and managing security programs as strategic business initiatives with regular reporting to executive management. Other recommendations include augmenting in-house security expertise by partnering with outside security consultants, performing periodic risk assessments and penetration tests, focusing upon securing external-facing systems, controlling third party access and avoiding over-reliance upon security tools that provide a false sense of security.

Layer Seven’s Cybersecurity Framework delivers a comprehensive strategy to protect SAP systems from cyber attack and data breach. The framework provides a series of actionable recommendations to alleviate the growing pressure on IT professionals while avoiding the need for capital expenditure on security software. The framework equips security professionals with the insight and expertise required to safeguard mission-critical SAP resources from cyber risks.