
What did we learn about cybersecurity in 2015?

Bruce Harpham | Feb. 5, 2016
Cybercrime is always a hot-button issue, and last year was no different. What lessons can we learn from some of the more insidious trends and events to better prepare ourselves for the year ahead?

“We are seeing an increasing trend in major cyber security incidents that lie undetected for six months or more,” says Dimitriadis. These long-term security threats suggest that hackers and criminals are becoming more patient and more willing to launch sophisticated attacks.

Kaspersky and the U.S. military

Security providers face constant pressure to deliver reliable solutions and keep up with attackers. In 2015, security companies and military organizations experienced security incidents. Even organizations that take pride in their security measures are targeted and experience significant repercussions.

In June 2015, Kaspersky Lab, a Russian-based cybersecurity company, announced that it had been attacked by hackers. The company stated that the hackers used several new techniques. Exploiting vulnerabilities in Microsoft software was a key part of the attack. Even worse, the attack targeted software often used by IT staff to install updates on end-user machines.

Key findings from Kaspersky Lab

  • Government sponsorship suspected. The company states that the sophistication of the attack suggests that an unnamed government may have sponsored the attack.
  • Cybersecurity assets sought. Products that safeguard operating systems and prevent fraud were targeted by the attack, according to Eugene Kaspersky, the company’s founder and CEO.
  • Attack disclosure. Eugene Kaspersky recommends disclosing attacks to other impacted companies such as Microsoft and to law enforcement agencies. The company’s willingness to disclose the attack incident may be related to the fact that no customer data was lost and the company’s products were not impacted.

Security impacted by complex arrangements

Over the past decade, IT leaders have used outsourcing and contractors to reduce costs and increase flexibility. Unfortunately, these practices may increase security risks. In 2015, the U.S. Army National Guard (ARNG) suffered an incident where personal data (i.e. names, social security numbers, addresses, dates of birth and pay data) for up to 868,000 current and former members of the ARNG were transferred out of a secure environment by a contractor.

“The specific information was transferred by a government contractor and was used for budget analysis for various federal programs,” says Major Jamie Davis, U.S. Army National Guard. “We believe the specific files containing the personal information were safeguarded and not used to compromise anyone's identity.”

To err on the side of caution, military authorities took action in response to this incident. Notices were sent to each state’s National Guard unit. In addition, a call center was established to address questions and concerns related to the incident and possible identity theft. The military’s response shows that a proactive response may be needed even in cases where the probability of harm is low.

Improving cybersecurity in 2016

In 2016, IT leaders have a number of options to improve security. The specific mix of options an organization chooses will depend on its resources and current security matters. Dimitriadis’s advice to IT managers looking to improve cybersecurity:

  • The internal challenge. “Lack of awareness in basic security matters and malicious acts by staff remain significant security risks. These threats can be reduced through training programs.” 
  • Use new technologies. “New technologies such as security as a service offer an excellent supplement to internal security departments.” The Cloud Security Alliance, established in 2009, has a dedicated working group focused on security as a service. Security as a service means providing security services through the cloud.
  • Combat social engineering threats. “There are technologies to block phishing emails and suspicious web links, training remains essential to combat social engineering. For example, you receive a call or email from someone claiming to be a senior executive and they request sensitive data. In that case, it makes sense to verify that request by calling them back at their office phone number or checking with another manager prior to releasing the information.”

 
