In our work on targeted attacks, we often collaborate with IT administrators from different companies to deal with threats to their networks. During these collaborations, we have recognized some misconceptions that IT administrators – or perhaps companies in general – have about targeted attacks. I will address some of these in this entry, and I hope to show IT administrators how they should strategize against targeted attacks, also known as APTs.
A targeted attack is a one-time effort
Some IT administrators tend to think that targeted attacks are one-time efforts – that detecting and stopping one attempt means the end of the attack itself. The truth, however, is that targeted attacks are also referred to as APTs because the term describes the attack well: advanced and persistent. The attacks are often well planned and dynamic enough to adapt to changes within the target network. Being able to detect and stop one attempt does not remove the threat. If anything, it may mean that there are other, undetected attempts, which raises the need for constant monitoring.
There is a one-size-fits-all solution for targeted attacks
The demand for a complete and effective solution against targeted attacks is quite high, but given the nature of targeted attacks, such a solution simply cannot exist. Attackers spend a lot of time on reconnaissance of the target company – its IT environment and its security defenses – and IT administrators must adopt the same way of thinking in their security strategy. All networks are different, which means that each one needs to be configured differently. IT administrators must fully understand their network and implement the protection measures that fit their environment.
Your company is not important enough to be attacked
Another big assumption companies make about targeted attacks is that they are unlikely to be targeted because they do not have important data in their systems. Unfortunately, the importance of specific data is relative to the intentions of those trying to get hold of it. For example, a person in HR may not attach much importance to data about former employees, but an attacker can use it as reference material for social engineering. As Raimund said in one of his videos earlier this year, companies have to identify their core data and protect it adequately.
Targeted attacks always involve zero-day vulnerabilities
It is clear that zero-day vulnerabilities pose a big risk to businesses and consumers in general. However, based on the analysis of past targeted attacks, older vulnerabilities are used more often. In our report on targeted attacks in the second half of 2013, the most exploited vulnerability was not only found in 2012 but was also patched that same year. This trend increases the importance of applying security updates to all systems within the network – a single missed system update can be all that is needed to compromise the entire network.
Targeted attacks are a malware problem
The last misconception I'm about to discuss is quite tricky because it is partly true. IT administrators are mainly concerned with having a solution that keeps malware out of their network. Although this is a genuine concern, focusing on malware will only solve part of the problem. Targeted attacks involve not only the endpoints, but also the entire IT environment. For example, many tools used for lateral movement are legitimate administration tools. If the solution focuses only on detecting malware, it will not be able to detect this malicious activity. IT administrators should consider solutions that cover all aspects of the network.