Commenting on the New York Times report that the US is again being bombarded by attacks from Chinese hackers using different techniques to steal data from scores of American companies and government agencies, Lancope says that the rise in this form of cyberconflict indicates the importance that cyberspace now has in government circles.
And, says Tom Cross, the network visibility and security intelligence specialist’s director of security research, the fact that state-sponsored attacks are on the rise means that IT professionals – and their managers – need to review their technology defences.
“We’re hearing more and more about state-sponsored attacks, so you can be sure that this form of technology subversion and compromise is now firmly part of the modern security threat landscape. The reality is, however, that governments and their agencies have access to the very latest attack techniques and technologies, meaning that organisations need to significantly raise the bar on their security defences,” he said.
“As we said in our just-published report on APT attack vectors (http://bit.ly/15FoCTY), few organisations currently view their incident responders as the front line in their defensive posture, yet it is obvious from the evolution of APTs – and, of course, state-sponsored attacks – that intelligence forms a key role when developing a security strategy to better defend your businesses’ data and allied IT assets,” he added.
The Lancope director of security research went on to say that this means that the incident response team should become a central part of the defences that organisations employ to protect their network.
The good news, he says, is that analysing what is happening on a network – including IP traffic attacking from both outside and inside the IT resource – can be completed on an automated basis using suitable technologies.
These technologies, he adds, should include virtual, mobile, identity, application and host reputation monitoring, as well as other advanced network security monitoring.
“Taking this approach to network monitoring can go a long way, we have found, to improving early threat detection and incident response capabilities for the many hundreds of government and enterprise organisations around the world. And if they can do this, then your own organisation can as well,” he said.
“While the advent of state-sponsored attacks is just another threat from a security analysis and defence point of view, its importance should not be overlooked. Lessons can be learned from these types of attacks and new strategies – as well as security trajectories – developed accordingly,” he added.