Rising security threat should motivate better employee support: Symantec

Many organisations are improving internal efficiency as they introduce Internet security response services as part of 'defence in depth' strategies to fight the exploding cybercrime threat, a Symantec managed security services expert has reported. The comments came as the company's latest cybercrime report analysed a surge in 'mega breaches' during 2013.

The company's latest Internet Security Threat Report (ISTR) found that cyber-criminals were scheming more and becoming increasingly effective at siphoning large quantities of information from their target organisations. That led to a 62 percent increase in the number of data breaches in 2013 compared to 2012, with information on 552 million identities exposed.

That figure corroborated the attack volumes posted by the SafeNet Breach Level Index, a recently-launched catalogue of individual security incidents that currently reports some 760 million records have been lost through 2013 and 2014 to date.

The ISTR's figures included eight mega breaches, which are classified as incidents in which tens of millions of records were compromised; in 2012, by contrast, only one incident was that large.

Symantec's analysis attributed much of this success to attackers' shift from large-scale spam attacks – which dropped to 66 percent of all email traffic during 2013 – to careful targeting of individuals with often personalised malware payloads that are sometimes combined with social-engineering nous, such as a follow-up phone call purportedly to confirm receipt of the previous email.

Targeted campaigns were up 91 percent during 2013 compared with the previous year, according to the ISTR findings.

“These targeted attacks are becoming more stealthy, sophisticated, and persistent in their activity,” Peter Sparkes, Asia Pacific & Japan director for managed security services with Symantec, told CSO Australia.

“They're becoming low and slow, and the number of days they last has increased to around 8 days per targeted attack. A lot of times, they're using small businesses as a stepping stone to access larger businesses. They're also targeting individuals because information about them is readily accessible, and they're quite easy to find and target.”

The threat has been compounded by the explosion in mobile usage, which allows cyber-criminals to target employees outside the range of internal security controls; some 38 percent of mobile users experienced mobile cybercrime in the past 12 months, according to ISTR figures.

This fact is leading many companies – small companies in particular – to find that they lack the internal processes to support employees in learning about and intercepting attempts to compromise their security.

While there has been a broad range of responses to the growing cybercrime threat, those companies likely to be most successful will be those that take the time to set up formal support processes to ensure staff can function most effectively.

“Organisations are looking at not just prevention technologies as being the way to help them get secure,” Sparkes said. “We're seeing a lot of organisations look at defence in depth strategies – at really rapidly improving their Internet response. There's a lot of effort by companies trying to get a single viewpoint of their security monitoring and detection systems.”

That kind of improved operational visibility can have follow-on benefits for organisations in becoming more responsive to all sorts of operational challenges as they arise, Sparkes added.

“We've seen a lot of these breaches where companies have done well; in fact, some companies have actually expanded their business by having very good incident response capabilities. And, when I talk about incident response, I don't just mean IT incident response – I mean a whole of organisation response.”

Given that the tide of malicious attacks continues to rise quickly – delivering ISTR results that Sparkes says didn't offer “any real surprises” – many companies “took our eye off the ball that all these mega breaches were occurring,” Sparkes continued.

That obscured the visibility of ongoing vulnerabilities, with 1 in 8 Web sites having a critical vulnerability despite years of trying to reinforce a culture of continuous updates. That issue has recently come to the fore with Heartbleed, a high-profile vulnerability whose widespread nature shocked the security community into action this week, with organisations of all sizes rushing to update the commonly used OpenSSL application and hackers rushing to beat them to it.

Such attacks “reinforced the need for companies to not just put all their money into prevention techniques, but to have an overall prevention strategy with regard to security,” Sparkes said. “Protecting your Web sites and patching are still critical for an organisation, but even simple things like educating users and basic security protocols are still very important.”


Stories by David Braue
