A few days ago I became the innocent victim of a "blended threat"
attack when a Volkswagen Golf and a Hyundai Getz joined together and rammed
my two-week-old car sitting in front of my house. Of course, as with all blended
attacks, it was impossible to foresee that the idiot in the Golf would drive
70 mph in a 30, and that my neighbor would decide to turn right into her driveway
just in front of him. The result was that they blended together, targeting my
Worse was to follow when the fire department arrived and decided that the only
way to get the neighbor -- who wasn't seriously hurt apart from the wallop from
the airbag -- was to cut the roof of her car. Of course, size 16 boots and cutting
gear didn't enhance the appearance of my pride and joy. If only I had parked
in the driveway...
Now some of you might be wondering what on earth I'm talking about. What is
a blended threat? According to the AV folks, it's "an attack combining
a number of traditional attack methods, like a worm, a Trojan horse, and a keylogger."
Like myself this information may not make you any the wiser, but it certainly
sounds impressive. But the question is, how susceptible are we to blended threats,
and are these the threats we really need to worry about?
Today, everybody including your grandmother is using the Internet. The vast
majority of users live in a state of paranoia that everyone from Bin Laden to
the tax man is attacking their PC every time they connect. However, you would
have to be increasingly unlucky (or parked in the wrong place) to fall victim
to this, especially in the corporate world. Your IT security team has probably
seen to it that you have every form of defense known to man on your infrastructure.
In fact your PC is probably so well protected you can't even use it. And yet
there is hardly a day that goes by that someone doesn't fall victim to another
form of blended threat. While your IT security team is focused on perimeter
security and extending that perimeter to the end point, they have forgotten
what they're supposed to be protecting. They also seem to forget that the money
to pay for frequently useless IT toys has to come from the business.
So why is security failing in spite of all this technology that is supposed
to protect us against every theoretical threat that might possibly exist? Well,
probably because they're focusing on the wrong blended threat.
The blended threats that pose the biggest risk are of a much more virulent
strain than the odd virus or worm that finds its way to your PC. It's the blended
threat of the dishonest employee who steals information from your business and
the opportunistic tax man who is willing to pay him for it. Or it's the employee
who used to work in the back office and now works as a trader on your banking
floor. It could be the former IT employee who had privileged access to your
systems and still has remote access, or the compliance officer who is being
well rewarded for helping your competitor analyze your contracts. The biggest
blended threat today is the worm you've hired to do a job and sets about to
damage your business.
In a recent survey that Cyber-Ark conducted amongst 300 IT administrators,
over a third admitted to using their privileged rights to access information
that is confidential or sensitive, by using the administrative passwords as
a means of peeking at information that they are not privy to and snooping around
Anyone who pays the slightest bit of attention -- and hopefully your IT Security
staff has -- will be aware the evidence has shown conclusively that up to 90
percent of incidents in business relating to the loss of assets results from
staff that have privileged access to IT systems and applications. An interesting
side note from the study is that 57 percent who were responsible for the fraud
should not have had authorized system access at the time of the attack. Some
other minor stats that should not go unnoticed: 81 percent of the attacked organizations
experienced a negative financial impact as a result of insider activities, 75
percent of the organizations experienced some impact on their business operations
and 28 percent experienced a negative impact to their reputations. I don't know
of any worm, Trojan horse, keylogger, virus or whatever else that can claim
that level of success.
If you want to deal with the real blended threat then protect your assets.
This means that information that's essential to the life of your business is
only accessible to those who need it. And if you think that this is all science
fiction, let me share some of the requirements I recently received from a company
that understands what is of value. Among their requirements are:
End-to-end encryption of stored data and transmitted data.
User-to-user information exchange via a secure digital vault.
User-to-system or system-to-user information exchange. For example, automated
systems processes to transfer files into the secure digital vault using a secure
Reduce the need for manual intervention, using facilities such as automatic
email notification of files uploaded or retrieved.
Secure tamper-proof audit trail that cannot be modified by IT personnel.
Allow information owners to control who can access their data in the secure
digital vault. Allow Audit to review who has accessed data without actually
being able to see the data itself and allow IT administrators to perform backups/restores/manage
quotas without having visibility of the data itself.
Provide reports on secure activity, e.g. file uploads and retrievals, user
creations and password changes, access right changes, failed authentication
Capabilities to limit the sources from which external users can access the
data over the Internet.
Provided guaranteed delivery of large files, including resuming of partial
downloads that were not completed due to network errors.
These requirements should be de-facto for any business, and it's up to the
business to take the lead and not continue to be dictated to by the IT staff,
who doesn't necessarily understand the business. As for me, I've decided the
wife can park on the street. My car goes in the driveway from now on.
Cyber-Ark - Cyber-Ark(r) Software is a leading provider of Privileged Identity Management (PIM) solutions for securing privileged user accounts and managing sensitive information across the enterprise. For further information visit www.cyber-ark.com