RSA, The Security Division of EMC, released a new report that takes an in-depth look at the seismic shift in the cyber threat landscape, as enterprises are increasingly targeted for corporate espionage and sabotage. The report, the latest in a series from the Security for Business Innovation Council (SBIC), asserts that for most organisations, it’s a matter of when, not if, they will be targeted by advanced threats. In an environment where the focus shifts from the impossible task of preventing intrusion to the crucial task of preventing damage, the report includes instructive guidance from 16 global security leaders for confronting this new class of threat.
The SBIC is a group of the industry’s top security leaders from Global 1000 enterprises that discuss top-of-mind security concerns and how the application of information security can address those concerns and enable business innovation. The recent string of sophisticated cyber attacks — affecting pillars of industry and government — provides the backdrop for the latest report: When Advanced Persistent Threats Go Mainstream: Building Information-Security Strategies to Combat Escalating Threats. Within this landscape, the report reveals that APTs – a menace once confined to the defense industrial base and government agencies – are now targeting a broad range of private sector organisations to nab valuable intellectual property, trade secrets, corporate plans, access to operations and other proprietary data.
“It is a very intelligent, well-armed, and effective foe that is fantastic at what they do,” said Roland Cloutier, Vice President, Chief Security Officer, Automatic Data Processing, Inc. and member of the SBIC. “It’s going to take a new approach in most enterprises to combat it.”
Fundamental Change in Quality of Cyber Attacks
The term APT originated to describe cyber espionage in which a nation-state gains access to a network and, over long periods of time, extracts national security data. Today the term has broadened as attackers expand their target lists, and nation-states are no longer the only groups deploying these sophisticated techniques. Rather than gain entry through the network perimeter, today’s ambitious attackers prefer to target human vulnerabilities, exploiting end users through social engineering techniques and spear phishing.
“Cyber criminals have aggressively shifted their targets and tactics,” said Art Coviello, Executive Chairman, RSA, The Security Division of EMC. “In the never-ending war for control of the network, the battle must be fought on many different fronts. All organisations are part of the greater ecosystem of information exchange and it is everyone’s responsibility to build and protect that exchange.”
Top Security Officers Urge, “Assume You Are Compromised”
This latest report from the SBIC urges organisations to adopt a new security mindset, shifting the concept of success from preventing infiltration to detecting attacks and mitigating damage as quickly as possible. With this in mind, the Council offers seven defensive measures against escalating APT threats:
1. Up-level intelligence gathering and analysis – Make intelligence the cornerstone of your strategy.
2. Activate smart monitoring – Know what to look for and set up your security and network monitoring to look for it.
3. Reclaim access control – Rein in privileged user access.
4. Get serious about effective user training – Train your user population to recognise social engineering and compel them to take individual responsibility for organisational security.
5. Manage expectations of executive leadership – Ensure the C-level realises that combating APTs means fighting a digital arms race.
6. Rearchitect IT – Move from flat to segregated networks so it’s harder for attackers to roam the network and find the crown jewels.
7. Participate in intelligence exchange – Leverage knowledge from other organisations by sharing threat intelligence.