How should organisations in this region prevent themselves from falling prey to APTs?
The advent of APTs means that companies need to review their security framework with a fresh set of eyes and potentially overhaul the framework. Thus, the best way forward for any organisation to defend against APTs is to ensure that they are well defended against all targeted attacks.
To that end, they should undertake risk assessment in four key areas that can help uncover potential risks from targeted attacks:
- Malicious Activity: Uncover and analyse malicious activities in an environment.
- Targeted Attacks: Look for evidence of infection specific to your organisation.
- Data Loss: Find data spills that could be targets for hackers.
- Vulnerability: Analyse web applications, databases, servers, and network devices for vulnerabilities.
Once they have completed risk assessments, they can proceed to address key security areas to strengthen. This can be done through a combination of holistic solutions such as Endpoint Security, Data Centre Security, Managed Security Services and a Security Awareness Program for Employees.
What skills should security professionals today possess to enable them to better prevent and deal with APTs?
With the increasing complexity of the threat landscape, security professionals need to adopt a holistic approach for security, supported by both technical means, and critical analysis skills.
The sophistication of APTs signals the need for security professionals to change their mindset-they need to evolve from planning a strategy purely around attack prevention to additionally adopting a detection and mitigation strategy that will limit the volume and severity of the breaches, and help alleviate and mend the damages. This shift in mindset is critical to get professionals to consider a holistic approach that involves not just endpoint and data centre protection, but also on the intangible elements such as employee education on security best practices.
Critical analysis skills will also come in handy when dealing with APTs, particularly in the detection of APTs when they are in the "low and slow" phase of the attack. They will be required to spot nuanced signs in the company's networks that may reveal the existence of a Trojan Horse lying low within, or detect subtle changes in activity on their networks to uncover malware.
Sign up for Computerworld eNewsletters.