Advanced persistent threats – how organizations can keep pace with the growing sophistication of cyber crime

Threats posed by cyber crime have increased dramatically in the past year. Yesterday the Washington Post announced that Google has enlisted the help of the NSA to combat cyber crime attacks directed at them and other U.S. corporations. While this is sure to generate privacy concerns in the user community, it is more importantly a visible indicator that cooperation is one of the more important factors in combating cyber crime. In fact in the last 6-12 months there has been a rapidly growing informal network of cooperation within the business and IT leadership of major corporations simply to get a handle on how to respond and manage risk in this highly dangerous threat environment. Let’s look and some of the more important ways to manage in this environment and deal with these classes of attacks.
The current reality of cyber crime is that the threat environment has shifted from broad based hacker oriented attacks that posed a primary risk to business availability to targeted operations aimed at specific corporations, particular people in the organizations and key business processes that contain high value data such as strategic plans, source code, intellectual property and acquisition intentions. What should be done? I would recommend aggressive action in several areas:
• Risk management – identify the high impact, high probability risks to the business and focus technology and skilled personnel accordingly.
• Security awareness – the target of these APT attacks are most often executive leadership; make sure they know they are likely to come under attack and prepare a response plan.
• Industry cooperation – realize that these attacks are often state sponsored and backed by significant resources. There are many resources that can be drawn from to exchange information regarding best practices, threats and vulnerabilities. Just couple of examples include the IT – Information Sharing and Analysis Center and Cisco System’s Security Intelligence Center.
• Aggressive and appropriate defense – drive your security program based on risk to your most important assets, monitor outbound and internal-internal communications for signs of data exfiltration and command/control communications and look for both network and host-based indications of compromise.