By Graham Welch, EMEA Managing Director, Sourcefire, now a part of Cisco
Newspaper headlines claiming that the International Space Station may have been compromised by a computer virus are sensational and grab attention, but they seem far removed from the everyday organisations and businesses most of us work for and with.
The reality, however, is that while this sort of high-profile attack grabs the media headlines, the majority of businesses around the world also face cyberattack, and their networks will be compromised, whether by professional cybercrime gangs or, as in this case, through the actions of a well-meaning insider.
Every year organisations around the world spend millions of dollars on internet security designed to stop cybercriminals getting into their networks. While that is undoubtedly a major threat, research from the technology analyst firm Forrester suggests that one of the biggest threats actually comes from company insiders, who were the top source of breaches in the last 12 months, with 36 percent of breaches stemming from inadvertent misuse of data by employees.
Of course this should not surprise anyone. After all, insiders have the most unfettered access to critical systems and data, so it stands to reason they would be a top route for attacks and data disclosure problems. But this research illustrates the need for enterprises to monitor their systems and data for suspicious changes and activities, regardless of the source. Merely watching network traffic into and out of the network is not sufficient.
It seems people cannot stop themselves clicking on links they receive in emails without even the most cursory check of whether the link is valid. An easy step that is often overlooked is to hover the mouse over the link and see which web address it is actually trying to send you to.
A customer of ours who manages security for one of the biggest banks in the world openly cites staff clicking on links in emails as one of the biggest issues his team faces. Clickers just can't help themselves, it seems, clicking just to see what happens, even when they know they shouldn't!
Cybercriminals are very clever, and they often go to great lengths to disguise their malicious intent, for example by replacing a single letter in a valid web address to trap the unwary. After all, at a quick glance it is difficult to spot when what should say www.thisisvalid.com has been changed to www.thisisvalids.com or something similar.
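The two checks just described, hovering to compare the visible link with its real destination and spotting a single-letter change to a known domain, can be automated on the defender's side. The following Python script is an added example and is not Sourcefire's code or anything from the original article: it extracts the links from an email body, compares each destination host against an allowlist of legitimate domains using edit distance, and flags links whose visible text names a different site than the href points to. The allowlist, the suffix table, the sample email and every function name are constructed assumptions for illustration.

```python
"""Flag lookalike domains and misleading links in an HTML email body.

Added example, not the article's or Sourcefire's code. The allowlist,
suffix table and sample email below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Assumed allowlist of domains this organisation treats as legitimate.
KNOWN_GOOD_DOMAINS = {"thisisvalid.com", "example-bank.co.uk"}

# Suffixes under which the registrable name is three labels long (a small
# constructed subset; a real deployment would use the Public Suffix List).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance, so a swapped
    pair of letters costs one edit, the same as an insertion or substitution."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """Strip subdomains so 'login.thisisvalid.com' compares as 'thisisvalid.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_host(host: str, max_edits: int = 2) -> Tuple[str, Optional[str]]:
    """Return ('known-good', domain), ('lookalike', closest_good_domain)
    or ('unknown', None) for the host of a link."""
    domain = registrable_domain(host)
    if domain in KNOWN_GOOD_DOMAINS:
        return "known-good", domain
    closest = min(KNOWN_GOOD_DOMAINS, key=lambda g: edit_distance(domain, g))
    if edit_distance(domain, closest) <= max_edits:
        return "lookalike", closest
    return "unknown", None


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_email_links(html: str) -> List[Dict]:
    """For each link, report its classification and whether the visible text
    names a different site than the href really goes to (the 'hover' check)."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        verdict, match = classify_host(host)
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text, re.I)
        shown_host = shown.group(1).lower() if shown else None
        mismatch = (shown_host is not None
                    and registrable_domain(shown_host) != registrable_domain(host))
        findings.append({"href": href, "host": host, "verdict": verdict,
                         "closest": match, "text_mismatch": mismatch})
    return findings


# Constructed sample email body, not a real message.
SAMPLE_EMAIL = """
<p>Please review your statement: <a href="https://www.thisisvalid.com/account">www.thisisvalid.com</a></p>
<p>Urgent: <a href="http://www.thisisvalids.com/login">www.thisisvalid.com/login</a></p>
<p>Also see <a href="https://news.example.org/story">this article</a></p>
"""

if __name__ == "__main__":
    for finding in check_email_links(SAMPLE_EMAIL):
        print(finding)
```

Run on the constructed sample, the first link is reported as known-good, the second as a lookalike of thisisvalid.com whose visible text also disagrees with its href, and the third as simply unknown. The edit-distance threshold of two is an assumption; tune it against your own allowlist, since very short domains will produce false positives at that distance.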
People are also largely trusting by nature. If we get an email from a friend, family member or work colleague with a link, we tend to think it is genuine and trust the content. Yet we know that cybercriminals can easily mock up an email purportedly from an acquaintance to fool us into believing it is genuine.
New research commissioned by Sourcefire has revealed that 90% of UK workers surveyed have clicked on a web link embedded in an email, with two-thirds (66%) admitting they very rarely check first to ensure the link is genuine.
Social media and other publicly available data enable those same criminals to build up a profile of what interests us, so that when they target us they do so with something convincing that we are more likely to believe.
This is why visibility across the whole corporate network is critical to managing security. It is not enough to defend against the threat coming into and out of the network; you have to be able to manage the threat across the whole continuum: before, during and after the attack.
Detailed visibility into malicious activities enables businesses to detect, remediate and control malware outbreaks. Network File Trajectory and Device Trajectory allow security teams to quickly determine the scope of an outbreak and track malware or suspicious files across the network and at the system level. That way it is possible to see how the attack got into the network, where it went after entry and what activities were carried out, which allows speedy resolution and remediation to limit the impact.
People are no doubt the soft underbelly of any organisation, and through education and awareness we can try to limit their ability to compromise network security. But equally we have to expect the compromise to still happen, and to have the ability to spot malicious activities quickly and deal with them equally quickly to mitigate the risk of serious data loss and compromise.