Targeted attacks: businesses under threat

Targeted Attacks: Businesses under threat

Sergey Novikov: Hello everybody, my name is Sergey Novikov. Targeted attacks are still the hottest topic in industry and that’s why we decided to invite our experts again and ask them some more questions about targeted attacks. So, mister Costin, is it true that only big companies are subjects of these attacks?

Costin Raiu: Definitely not. For the moment we are seeing cybercriminals focusing on the big companies because they can get the most profits from the big companies, they also have a very good chance of getting a successful attack against the big company with a lot of employees where as you probably know is much harder to train everybody, to secure all the computers, to make sure that the space is secure. But I do think that there are not just big companies, also medium-sized businesses and small businesses are just as vulnerable to this kind of attacks. The question here is probably not in the physical size of the company but the size of their assets, how much intellectual property do they have which can be turned into money in the end.

Sergey Novikov: Give me suggest, how do I protect me and my company against targeted attacks.

Magnus Kalkuhl: Well, as Costin already said, one of the main factors of targeted attacks is social engineering and this means that it’s not technically, sure in most cases it’s the users, the humans in company that are the weak point. So you have to ensure that your users know how to protect themselves and how to protect the company. And this is only possible that you need to do awareness trainings for example, awareness trainings, this is nothing to do, onetime training like some companies do because if you just do it like for new employee, you give this person a onetime training, several weeks this person forgot almost everything. So you need to do this kind of awareness training regularly and training can be like presentation but it could also be for example just sending some, you know, fake messages through e-mail systems and I know that some companies are already doing it, so they are sending messages to their employees and just to check if they would click on the link for example. And then they go to website and in this case you would have been infected and this is actually a very simple but also pretty effective way of teaching your employees to be careful on what click on.

Sergey Novikov: Thank you. And how many companies are infected? Do you have any numbers or no?

Magnus Kalkuhl: Yeah, numbers of infected companies and attacked companies, this is actually very hard to tell because naturally most companies don’t want to tell if they are infected because it’s bed for the reputation. So, unless they don’t have to because some cases a loss for companies to tell their customers that they have been attacked but unless they don’t have to, they will try not to tell anyone about it, they try to conceal these cases, if they know about attack at all, like I sad in most cases company will not find out that they have been attacked.

Sergey Novikov: So, and in the end, I understand what should we do to stop these attacks, to protect these attacks but can you tell me what are security companies doing to prevent these targeted attacks?

Costin Raiu: Well, obviously we have been just standing and we are now working on new technologies design to control this kind of attacks. For instance we do thing that’s the one of the most promising technologies, is sandboxing. Through sandboxing is possible to isolate a targeted attack inside the restricted environment. That means that the cybercriminals will not have access to your full computer, your full documents and to the servers inside your company. So, sandboxing is one of the options, so we are also working on proactive detection technologies which will allow us to catch these attacks as they are happening. So, in every security company, in every product there is a layered approach to security. So, the first line of defense is traditional definitions, traditional signatures and then we have heuristics, genetics, the second layer and the third layer should be sandboxing and proactive technologies meaning. Imagine that you get infected with totally unknown malware that is not detected by the conventional signatures; it’s not dictated by the heuristics. But then the program, the security program sees that these new malware that is unknown is trying to access private documents on your hard drive; it is trying to daze them and send them to a FTP server in China, that’s definitely suspicious. So we are working on technologies which will look for this kind of suspicious behavior and they will attempt to block these activities in the third layer of defense. And that will allow us to protect our users even against unknown targeted attacks.

Sergey Novikov: Do you think we have the proper laws for such cases? What else is needed?

Magnus Kalkuhl: Well, actually of course targeted attacks are forbidden in every country, so laws could not change anything about the attack itself but laws can be important to protect, for example customers of an infected company. And, so in come companies, in some countries it’s required by law that targeted company, if they find out about the attack, they need to inform the customers about the incident and in some other countries this is not required. And I think that in general of course it’s good if the company is forced to tell the customers if it was under attack because if credit card data got stolen or any other private personal data, at least the customers should know about it. So, they can take whatever they think it’s useful to protect themselves.

Sergey Novikov: So thank you very much Costin and thank you Magnus. I think we have very useful information today and now I’m sure that you know how to protect targeted attacks. Thank you.