The tip of the security iceberg

We are only seeing the very tip of the iceberg in terms of numbers of organisations that are being compromised

Tags: Dell CorporationSonicWALL Incorporated
  • E-Mail
The tip of the security iceberg Dell SonicWALL says that we are only seeing the tip of the iceberg when it comes to security breaches.
By  Georgina Enzer Published  November 18, 2013

We are only seeing the very tip of the iceberg in terms of numbers of organisations that are being compromised, according to Don Smith, director of Technology at Dell SonicWALL.

Smith said that there are many companies who have had national secrets or intellectual property stolen that have not reported the security breach.

“Wholesale campaigns have been conducted by individuals in many different territories against successful enterprises, and for me that is the biggest issue that we are facing at the moment. Rather than it being a breach where 100 million usernames and passwords are stolen, which can be dealt with in a relatively short time, we are talking about more insidious threats that could genuinely threaten the economic success of the targeted regional enterprises,” he said.

According to Dell SonicWALL, the interesting thing is how easily such attacks can be successfully launched.

“If I think of two specific examples that I personally have been involved with recently, the first one was a targeted spearphishing email sent to a few people in the organisation with the subject of a human resource issue, designed to persuade employees to open it. As soon as one individual clicked on the email then the email dropped some tools, captured some passwords and very quickly moved around the network. In another incident we worked with a global multi-national company and the bad guys had pre-infected a site of interest, also called a ‘watering hole’ site and a member of that organisation who went to that site was then infected,” said Smith.

Dell SonicWALL says that no single security control is sufficient to protect the enterprise; enterprises have to adopt a layered approach to security with controls at every level of the stack, network, application in order to protect the company from a persistent attacker or group of attackers.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code