The tip of the security iceberg
We are only seeing the very tip of the iceberg in terms of numbers of organisations that are being compromised
We are only seeing the very tip of the iceberg in terms of numbers of organisations that are being compromised, according to Don Smith, director of Technology at Dell SonicWALL.
Smith said that there are many companies who have had national secrets or intellectual property stolen that have not reported the security breach.
“Wholesale campaigns have been conducted by individuals in many different territories against successful enterprises, and for me that is the biggest issue that we are facing at the moment. Rather than it being a breach where 100 million usernames and passwords are stolen, which can be dealt with in a relatively short time, we are talking about more insidious threats that could genuinely threaten the economic success of the targeted regional enterprises,” he said.
According to Dell SonicWALL, the interesting thing is how easily such attacks can be successfully launched.
“If I think of two specific examples that I personally have been involved with recently, the first one was a targeted spearphishing email sent to a few people in the organisation with the subject of a human resource issue, designed to persuade employees to open it. As soon as one individual clicked on the email then the email dropped some tools, captured some passwords and very quickly moved around the network. In another incident we worked with a global multi-national company and the bad guys had pre-infected a site of interest, also called a ‘watering hole’ site and a member of that organisation who went to that site was then infected,” said Smith.
Dell SonicWALL says that no single security control is sufficient to protect the enterprise; enterprises have to adopt a layered approach to security with controls at every level of the stack, network, application in order to protect the company from a persistent attacker or group of attackers.