Are You Susceptible to Blended Threats? Most Definitely

Untitled Document

A few days ago I became the innocent victim of a "blended threat" attack when a Volkswagen Golf and a Hyundai Getz joined together and rammed my two-week-old car sitting in front of my house. Of course, as with all blended attacks, it was impossible to foresee that the idiot in the Golf would drive 70 mph in a 30, and that my neighbor would decide to turn right into her driveway just in front of him. The result was that they blended together, targeting my car.



Worse was to follow when the fire department arrived and decided that the only way to get the neighbor -- who wasn't seriously hurt apart from the wallop from the airbag -- was to cut the roof of her car. Of course, size 16 boots and cutting gear didn't enhance the appearance of my pride and joy. If only I had parked in the driveway...

Now some of you might be wondering what on earth I'm talking about. What is a blended threat? According to the AV folks, it's "an attack combining a number of traditional attack methods, like a worm, a Trojan horse, and a keylogger." Like myself this information may not make you any the wiser, but it certainly sounds impressive. But the question is, how susceptible are we to blended threats, and are these the threats we really need to worry about?

Today, everybody including your grandmother is using the Internet. The vast majority of users live in a state of paranoia that everyone from Bin Laden to the tax man is attacking their PC every time they connect. However, you would have to be increasingly unlucky (or parked in the wrong place) to fall victim to this, especially in the corporate world. Your IT security team has probably seen to it that you have every form of defense known to man on your infrastructure. In fact your PC is probably so well protected you can't even use it. And yet there is hardly a day that goes by that someone doesn't fall victim to another form of blended threat. While your IT security team is focused on perimeter security and extending that perimeter to the end point, they have forgotten what they're supposed to be protecting. They also seem to forget that the money to pay for frequently useless IT toys has to come from the business.

So why is security failing in spite of all this technology that is supposed to protect us against every theoretical threat that might possibly exist? Well, probably because they're focusing on the wrong blended threat.

The blended threats that pose the biggest risk are of a much more virulent strain than the odd virus or worm that finds its way to your PC. It's the blended threat of the dishonest employee who steals information from your business and the opportunistic tax man who is willing to pay him for it. Or it's the employee who used to work in the back office and now works as a trader on your banking floor. It could be the former IT employee who had privileged access to your systems and still has remote access, or the compliance officer who is being well rewarded for helping your competitor analyze your contracts. The biggest blended threat today is the worm you've hired to do a job and sets about to damage your business.

In a recent survey that Cyber-Ark conducted amongst 300 IT administrators, over a third admitted to using their privileged rights to access information that is confidential or sensitive, by using the administrative passwords as a means of peeking at information that they are not privy to and snooping around the network!

Anyone who pays the slightest bit of attention -- and hopefully your IT Security staff has -- will be aware the evidence has shown conclusively that up to 90 percent of incidents in business relating to the loss of assets results from staff that have privileged access to IT systems and applications. An interesting side note from the study is that 57 percent who were responsible for the fraud should not have had authorized system access at the time of the attack. Some other minor stats that should not go unnoticed: 81 percent of the attacked organizations experienced a negative financial impact as a result of insider activities, 75 percent of the organizations experienced some impact on their business operations and 28 percent experienced a negative impact to their reputations. I don't know of any worm, Trojan horse, keylogger, virus or whatever else that can claim that level of success.

If you want to deal with the real blended threat then protect your assets. This means that information that's essential to the life of your business is only accessible to those who need it. And if you think that this is all science fiction, let me share some of the requirements I recently received from a company that understands what is of value. Among their requirements are:

End-to-end encryption of stored data and transmitted data.

User-to-user information exchange via a secure digital vault.

User-to-system or system-to-user information exchange. For example, automated systems processes to transfer files into the secure digital vault using a secure file transfer.

Reduce the need for manual intervention, using facilities such as automatic email notification of files uploaded or retrieved.

Secure tamper-proof audit trail that cannot be modified by IT personnel.

Allow information owners to control who can access their data in the secure digital vault. Allow Audit to review who has accessed data without actually being able to see the data itself and allow IT administrators to perform backups/restores/manage quotas without having visibility of the data itself.

Provide reports on secure activity, e.g. file uploads and retrievals, user creations and password changes, access right changes, failed authentication attempts, etc.

Capabilities to limit the sources from which external users can access the data over the Internet.

Provided guaranteed delivery of large files, including resuming of partial downloads that were not completed due to network errors.

These requirements should be de-facto for any business, and it's up to the business to take the lead and not continue to be dictated to by the IT staff, who doesn't necessarily understand the business. As for me, I've decided the wife can park on the street. My car goes in the driveway from now on.

More by Calum Macleod

About Cyber-Ark Software

Cyber-Ark - Cyber-Ark(r) Software is a leading provider of Privileged Identity Management (PIM) solutions for securing privileged user accounts and managing sensitive information across the enterprise. For further information visit www.cyber-ark.com