
Unfortunately, pain is the biggest motivator for change in every aspect of life, including cybersecurity. Until it hits home or close to home, many organizations believe they are immune to a cyber attack. In fact, I’ve had clients who have spent millions of dollars on security based on the assumption that spending more money guarantees a more secure network. But if they aren’t investing in the right fixes, all the money in the world won’t help.
If you look at most organizations’ security, they’re focusing a majority of their energy on inbound prevention. We want to inspect what comes into the organization and prevent damaging traffic from entering the network to minimize and control the negative potential. That’s a good starting point, but it’s not a complete solution in this day and age. Prevention is ideal, but detection is a must.
Organizations must focus on the traffic leaving their networks and invest in outbound detection tactics to be successful against APTs. Current and evolving attacks are stealthy in nature and designed to circumvent even the most advanced inbound prevention techniques, but it’s difficult to disguise significant amounts of data leaving the organization... unless the organization isn’t looking for it. Security strategies should include studying outbound traffic to identify patterns, such as length of connection, number of connections, and the amount of data leaving the organization.
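The three outbound patterns named above (connection length, connection count, volume of data out) can be checked with a few lines of aggregation over flow records. The script below is an added illustration, not code from the original article: the flow records, the internal and external addresses, and the thresholds are all constructed for the example, and in practice the thresholds must come from a baseline of the organization's own outbound traffic rather than fixed numbers.

```python
from collections import defaultdict

# Constructed sample flow records (hypothetical, not from the original article).
# Each record is one outbound connection: internal source, external destination,
# connection length in seconds, and bytes sent out of the organization.
SAMPLE_FLOWS = [
    # Ordinary browsing: a few short, small connections
    {"src": "10.0.1.30", "dst": "192.0.2.40", "duration_s": 12, "bytes_out": 4_200},
    {"src": "10.0.1.30", "dst": "192.0.2.40", "duration_s": 8, "bytes_out": 3_100},
    # One very long connection carrying a lot of data out
    {"src": "10.0.1.15", "dst": "203.0.113.7", "duration_s": 5 * 3600, "bytes_out": 250_000_000},
]
# Many short, regular connections to a single destination (a beacon-like pattern)
SAMPLE_FLOWS += [
    {"src": "10.0.1.22", "dst": "198.51.100.9", "duration_s": 1, "bytes_out": 2_048}
    for _ in range(120)
]

# Hypothetical thresholds; real values are derived from a baseline of the
# organization's own traffic, which is why studying that traffic comes first.
THRESHOLDS = {
    "long_connection_s": 3600,        # any single connection longer than one hour
    "connections_per_dst": 50,        # more than 50 connections from one host to one destination
    "bytes_out_per_dst": 100_000_000, # more than 100 MB from one host to one destination
}


def summarize_outbound(flows):
    """Aggregate flows per (src, dst): connection count, total bytes out, longest connection."""
    summary = defaultdict(lambda: {"connections": 0, "bytes_out": 0, "max_duration_s": 0})
    for f in flows:
        s = summary[(f["src"], f["dst"])]
        s["connections"] += 1
        s["bytes_out"] += f["bytes_out"]
        s["max_duration_s"] = max(s["max_duration_s"], f["duration_s"])
    return dict(summary)


def flag_suspicious(flows, thresholds=THRESHOLDS):
    """Return (src, dst, reason) tuples for every host/destination pair exceeding a threshold."""
    findings = []
    for (src, dst), s in sorted(summarize_outbound(flows).items()):
        if s["max_duration_s"] > thresholds["long_connection_s"]:
            findings.append((src, dst, f"long connection: {s['max_duration_s']}s"))
        if s["connections"] > thresholds["connections_per_dst"]:
            findings.append((src, dst, f"many connections: {s['connections']}"))
        if s["bytes_out"] > thresholds["bytes_out_per_dst"]:
            findings.append((src, dst, f"large egress: {s['bytes_out']} bytes"))
    return findings


if __name__ == "__main__":
    for src, dst, reason in flag_suspicious(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

Run as written, the script flags the long, high-volume connection from 10.0.1.15 and the 120 repeated connections from 10.0.1.22, and leaves the ordinary browsing from 10.0.1.30 alone. Aggregating per host/destination pair is the key design choice: each individual beacon connection looks harmless, and only the count over time reveals the pattern.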
Another major security investment for organizations is the thick skin of a heavy-duty firewall to defend against attempts to breach network security. Again, firewalls are an important component of overall security, but they are little more than a good starting point. In reality, most APTs don’t even attempt to compromise a network’s firewall. The number one entry point for an APT is a well-crafted email designed to trick employees into inadvertently compromising the network by clicking a link or opening an attachment, a tactic known as spear-phishing.
As such, the best way of minimizing the risk and reducing the impact is by making users aware and convincing them to use best practices and sound judgment with emails and other breach attempts. However, you can’t rely on a single measure of protection; you must instill multiple levels of security, including both technical and administrative measures.
Finally, many of our clients have specific regulations and standards to which they must comply. These compliance standards represent a benchmark organizations need to meet, but shouldn’t dictate the security approach they take. Too many times, organizations invest heavily to meet the letter of compliance, when a more cost-effective approach would actually increase security and exceed the standards asked of them.
Effective treatment for APTs involves preventative measures, early detection, and aggressive remediation and removal tactics.