Research firm highlights strategies for dealing with the increase in Advanced Targeted Threats
Research firm Gartner has said that organistaions must stop blaming threats for their vulnerabilities as many attacks that include zero-day exploits often use well-known vulnerabilities as part of the overall attacks.
Gartner said that security controls need to evolve. The firm added that advanced security threats are increasing, but simply adding more layers of defence does not necessarily increase security against targeted threats.
Gartner vice-president John Pescatore said, "Targeted attacks are penetrating standard levels of security controls and causing significant business damage to enterprises that do not evolve their security controls."
"For the average enterprise, 4 percent to 8 percent of executables that pass through antivirus and other common defenses are malicious. Enterprises need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats. There are existing security technologies that can greatly reduce vulnerability to targeted attacks."
Gartner analysts said the term "advanced persistent threat" (APT) has been overhyped and is distracting organizations from a very real problem.
"The reality is that the most important issues are the vulnerabilities and the techniques used to exploit them, not the country that appears to be the source of the attack," Pescatore said.
"The major advance in new threats has been the level of tailoring and targeting — these are not noisy, mass attacks that are easily handled by simple, signature-dependent security approaches."
Gartner said that targeted attacks have three major goals: denial of service to disrupt business operations; theft of service to obtaining use of the business product or service without paying for it; and information compromise to stealing, destroy or modify business-critical information.
The motivation for advanced targeted threats is usually financial gain, said Gartner.
Gartner said that to deal with advanced targeted threats companies must own the vulnerability and stop blaming the threat.
If IT leaders close the vulnerability, then they stop the curious teenager, the experimental hacker, the cybercriminal and the information warrior, said Gartner.
Gartner also said that organisations must focus on security, not compliance.