Kaspersky Lab



Cyber attacks

Targeted attacks and cyber-espionage -- The onward march of ‘hacktivism’ -- Nation-state sponsored cyber-attacks -- The use of legal surveillance tools

If your organization has never suffered an attack, it's easy to tell yourself that 'It won't happen to me', or even to imagine that most of what we hear about malware is just hype. This is especially true for targeted attacks. It’s easy to read the headlines in the computer press and draw the conclusion that targeted attacks are a problem only for large organisations, particularly those that maintain ‘critical infrastructure’ systems within a country. However, any organization can become a victim. All organisations hold data that could be of value to cybercriminals, and they can also be used as ‘stepping-stones’ to reach other companies.

Most malicious programs are designed to be as unobtrusive as possible, quietly gathering data in the background. This makes them much more insidious than the cyber-vandalism of the 1990s. The financial impact of malware today is much harder to determine, because a victim may not even know that they have been infected, or what data may have been stolen by the cybercriminals. Most attacks are speculative - designed to trap anyone unlucky enough to fall victim to them. But it's clear that the number of targeted attacks is increasing. The aim is to get a foothold in a target company, steal corporate data or damage a company's reputation. Also, we’re now in an era where malicious code can be used as a cyber-weapon, and while an organization may not be in the direct firing line, it could become ‘collateral damage’ if it isn’t adequately protected.

So it's important to invest in security. This means developing a security strategy. But it should be one that’s specifically tailored to your business, not one based solely on a generic ‘best practices’ template or loose ‘guesstimates’ about the overall cost of cybercrime. What’s important is gauging how malware has impacted your business historically and how it might do so in the future. It’s also important to realize that security is like housework – it's only meaningful if you repeat the process at regular intervals. So you need a mechanism to measure the effectiveness of the security tools you use, and you need a process for updating the strategy to meet new threats as they arise.

Organisations need to start by playing a game of 'what if'. That is, they should conduct a thorough risk assessment that looks at (a) all the risks the business faces, (b) how security might be compromised, (c) the cost to the business of a breach and (d) how effective the mitigation strategy is. Factors that influence this include how the business functions, where staff operate, what devices they use to conduct business and where corporate data is stored.

As a starting-point, here’s a list of the key building blocks of a security policy.

· Assess the risks.
· Establish policies & procedures.
· Create an outbreak response plan and a team to manage it.
· Deploy appropriate security solutions.
· Define a security update strategy.
· Document the policy.
· Develop a staff awareness strategy.

The volume of malware (Kaspersky Lab analyses around 200,000 unique samples every day), the speed at which it spreads and the growing sophistication of attacks – including bespoke attacks against specific targets – make the use of proactive technologies essential. It’s important to deploy anti-malware solutions that bring together an array of technologies able to block new, unknown threats in real time, rather than relying on signature-based protection alone.

The outbreak response plan should not only include a plan for mitigating any threat, but also for ensuring business continuity and for managing any non-technical aspects of an attack – i.e. handling public relations and taking necessary measures to minimize the impact on the company’s reputation.

Many of today’s threats are highly sophisticated. But often the starting-point for a targeted attack is to trick individuals in the company into doing something that puts the company’s security at risk. Cybercriminals also gather information from social networks and other public resources that allows them to tailor their attack to bypass the company’s security. People are susceptible to social engineering tricks for various reasons. Sometimes they simply don't realise the danger. Sometimes they're taken in by the lure of 'something for nothing'. Sometimes they cut corners to make their lives easier – for example, using the same password for all online accounts. Unfortunately, businesses often ignore the human dimension of security. Even if the need for staff awareness is acknowledged, the methods used don't achieve positive results. Yet we ignore the human factor in corporate security at our peril, since it's all too clear that technology alone can't guarantee security. So it’s important for organisations to make security awareness part of their security strategy.


Toke Mølgaard

Tel. +45-(0)33 38 43 01
Fax +45-(0)33 91 09 12
