Referring to last year's hack of RSA as a "tremendous learning experience in retrospect", the company's chief security architect, Robert Griffin, recently warned a select Dublin audience that "basing a security strategy on [regulatory] compliance" alone will lead to enormous issues in the coming years.
Griffin, who has worked in the security industry for over three decades, was the main speaker at an RSA-sponsored talk at Dublin's Merrion Hotel over the summer entitled 'The Anatomy of Cyber Attacks'. The talk set out to explore the changes in the threat landscape over the past year, and the hope for those in attendance was to gain an insight into how security strategies can be updated to handle more advanced threats.
With this in mind, Griffin unsurprisingly told those in attendance that protection against advanced persistent threats (APTs) will become a "core" focus for many businesses in the coming years.
Griffin said there are currently "three different classes of attacks", namely organised crime-led attacks, nation state threats and threats from non-state actors such as hacktivists and possibly terrorist organisations. While many businesses will not feel they are in danger of being targeted by any of the above, Griffin was keen to stress the growing trend of "drive-by attacks" from criminals, with cybercrime resources more readily available than ever.
"There are sites that act as a Gumtree for infections," said Griffin, referring to the popular classifieds site to illustrate how easy it is for criminals to target businesses at will. As for changes to security strategies to protect against APTs in particular, Griffin warned that good IT security staff are more important than ever before.
Noting that cyber threats have become "more subtle and have a greater ability to bypass firewalls and antivirus models", Griffin said that when RSA was hacked in April of 2011 (after a nefarious email was opened by a member of staff, allowing hackers to get their hands on information from company records), the attack was only picked up because a researcher realised there were "some odd patterns and activities" going on in the network. Griffin commented that, with conventional approaches to information security no longer sufficient, an intelligence-driven approach - with well-trained staff - is required to combat current adversaries.
He recommended an approach to security that includes elements such as an asset strategy (with the drawing up of a "digital assets map" being of vital importance), employing a suite of security services, and breach security planning ("you have to test the proper responses are in place").
Griffin was joined by Lee Miller, who is a lead architect for risk and compliance solutions with Terremark, a Verizon company. Miller said those looking to revolutionise their security strategy should look towards "adaptive authentication, proactive web application security, deeper analysis of the network, better response to network traffic, 'anti-social' engineering" and having a plan to deal with 'zero-day' malware, which targets previously unknown vulnerabilities within a network.