(Page 2 of 3)
More Sophisticated than Ever
Ken Pickering, development manager for security intelligence at CORE Security, told us attacker profilers have advanced since the inception of cybercrime and cyber-espionage.
"We see the level of sophistication and organization rapidly increasing, and for the most part, are unable to cope with the emerging threat they pose. What worries corporations and governmental entities is the level of risk offered by state-sponsored groups," Pickering said.
"They have resources and skills to pull off large-scale IP theft, which first gained public media attention though the Aurora hack in 2009. And that threat hasn't lessened over time. If anything, it's more prevalent. It also shows us that companies with intellectual property have a lot to lose. We're not just seeing fraud attacks anymore, but skilled exfiltration of this country's corporate secrets."
Jim Butterworth, chief security officer at HBGary, is not surprised that the number of incidents is going up. He told us people are still using antiquated indicators or signature-based solutions to find tomorrow's threat.
"The attackers are creating malware using custom code that can't be detected by IOCs or anti-virus," Butterworth told us. "Targeted attacks are not like a computer virus that can be handled like a cyber-housekeeping duty. Instead, organizations need to invest in technology, people and processes to respond quickly to these types of threats."
A Sobering State of the Union
We also spoke with Ori Eisen, founder, chairman and CIO of 41st Parameter, about the study. He said the report is sobering and reflects the state of the union.
"It manifests the prediction that in due time, the network itself will become the weakest link, based on the core technology it is built on, namely, the TCP/IP protocol," Eisen said. "When the Internet began in the mid-'90s, budding e-commerce players jumped in. There was a period of trepidation and wait-and-see attitude in corporations to see if this was a fad or a trend."
Eisen said we've all since jumped in -- and the warnings of 20 years about security and what could happen have been lost in the shuffle. As he sees it, the 2013 report is a reminder that without ample security layers on top of the inherently insecure TCP/IP protocol -- any online estate is exposed. (continued...)