Opportunity knocks in targeted attacks

Bob Tarzey, Analyst and Director

Quocirca Comment July 2013

Over the years cybercriminals have honed the techniques they use to attack businesses. They have moved on from largely random attacks that rely on sheer volume to take in a few gullible individuals, to targeting specific organisations and the individuals within. The techniques developed have proved attractive to a newer type of attacker, that hacktivist, who bears a grudge against a particular organisation. Added into this poisonous mix is some very sophisticated malware that nation states have developed to attack each other, which has been repurposed by the broader community of hackers. Whilst this is a problem for businesses, it is an opportunity for resellers. A recent Quocirca research report explains why traditional IT security measures, such as anti-virus, firewalls and intrusion prevention systems, are not enough to defend against such targeted attacks; more advanced defences are needed. Whilst few plan to abandon the old defences, the need for new ones is recognised and the budget is being made available. For resellers this means that many of the maintenance contracts for existing IT security products will remain in place, however they will also find a willingness to invest in new products and the services to deploy these effectively. Quocircas report looks at the details behind all this; how common certain types of attack are, which industry sectors are being hit the hardest and what defences are available; all information that should prove useful to resellers that need to overhaul their security offerings. 75% of organisations say they are concerned about targeted attacks, the majority of the rest lack awareness; few dismiss the problem as exaggerated (Figure 1). This awareness will be partly down to the reporting of such attacks in both the IT, business and popular press, but it is also because all too many organisations have actually been victims, often with a significant impact.

The likelihood of having been hit is highest in sectors with valuable intellectual property and/or lots of regulated/personal data; pharmaceutical firms, public sector bodies, manufacturers and financial services organisations top the list. The most likely impact is the loss of regulated financial data (mostly this will be payment card details) followed by lost business (Figure 2). The later may be a direct goal of a hacktivist or just due to the disruption caused by having to clean up after an attack. Given the wide coverage given in the press to some high profile attacks, the fact that negative media coverage is at the bottom of the list, just shows how many attacks are going unreported by the media. 2013 Quocirca Ltd

Opportunity knocks in targeted attacks

http://www.quocirca.com

There are many vectors that can be used to perpetrate targeted attacks. These include those that aim to directly dupe individuals such as spear-phishing (targeted emails) and social engineering (spurious contacts via Facebook etc.) However, ultimately most involve some sort of tailored (zero day) malware, often exploiting unpatched or unknown application and system vulnerabilities.

The majority of organisations have discovered malware running on their networks that they were not previously aware of. Most think unknown malware is running on their servers, mobile devices and PCs (Figure 3). Clearly, traditional security measures, which almost all have in place, are failing at some level.

30% of smaller businesses (those with less than 5,000 employees) say they have deployed some sort of technology to specifically defend against targeted attacks, 13% say they are evaluating; more need to do so. The measures that can be taken with advanced protection in place include deep packet inspection of network traffic, application whitelisting, the use of sandboxes, heuristics and advance correlation technology. More details about these techniques and others is provided in Quocircas report. One mans pain is another mans gain. No one should condone online criminal activity, but it is a reality. Resellers will benefit from new revenue streams gained through adding the defences against targeted attacks to their portfolios; so will their customers. Quocircas report The trouble heading for your business is freely available to CRN readers at this link http://www.quocirca.com/reports/797/thetrouble-heading-for-your-business
This article first appeared in CRN UK and on: http://www.channelweb.co.uk

Opportunity knocks in targeted attacks

http://www.quocirca.com

2013 Quocirca Ltd

About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of realworld practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption the personal and political aspects of an organisations environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to advise on the realities of technology adoption, not the promises. Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocircas mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time. Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community. Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocircas clients include Oracle, IBM, CA, O2, T-Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms.

Full access to all of Quocircas public output (reports, articles, presentations, blogs and videos) can be made at http://www.quocirca.com

Opportunity knocks in targeted attacks

http://www.quocirca.com

2013 Quocirca Ltd