Cyber Attackers Continue to Fine Tune Deception and Stealth Tactics According to New Report
A security industry report released by Symantec this week highlights how the cyber threat landscape continues to evolve and how important it is for every organization to finally embrace cyber security best practices. Global Digital Forensics provides solutions to help organizations of any size get, and/or stay, on a path to a strong cyber security posture.
On April 14th, 2015, Symantec released Volume 20 of their Internal Security Threat Report, which they say, “exposes a tactical shift by cyberattackers.” With everything from frightening numbers on how many new malware variants were introduced in 2014 – almost a million a day – to how long it took for Zero Day threats to be identified and patched by prominent manufacturers – as long as 204 days – it is abundantly clear that doing business in a digital world can be fraught with peril, and that businesses, regardless of size or technical savvy, have to get a firmer grip on the reigns than ever before when it comes to cyber security on the home front.
Old Story with New Twists
“It’s excellent information and should be food for thought for every organization relying on digital information, in other words, just about everyone, but it’s far from a new story,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, “Since the infancy of the Internet, cyber attackers have never stood still regarding the tactics, tools and techniques they employ to achieve their endgame, whether it’s theft, extortion, destruction, or espionage. They are always refining techniques to avoid detection, and they are always raising their game in finding new ways to get that first foot in the door. Mass spam campaigns have given way to more targeted and much more effective spear phishing campaigns, and social media has also become a major conduit for explosive growth in cybercrime circles. Not only are they leveraging the “trust factor” social media inherently provides to get people to visit malicious sites and/or download malware directly, but they are increasingly using the personal details so many users make freely available online on sites like Facebook to help them craft their phishing and spear phishing campaigns. Whether it’s coming from Aunt Mildred or John in accounting, a target is far more likely to read that email and open a malicious attachment when it looks like it’s coming from someone they know and trust.”
Best Practices Significantly Improve Chances to Thwart Cyber Attackers
“From a pizza shop to a military defense contractor, cyber security has to be part of the business plan today. Avoiding that reality is a recipe for disaster,” warns Caruso, “but we also understand every client is different – different needs, different environments, different skill levels and different objectives. But some things are always constant, like the need to assess, test and address cyber security concerns with unyielding regularity. And that’s what we help clients do. Whether you’re a multinational corporation, or a mom and pop shop, you have to know what kind of threats you are particularly vulnerable to. Are mobile devices in play? Are PoS systems involved? Are seasonal or transitional workers part of the picture? Are there regulatory compliance concerns in your particular industry? Are you compliant? Is malware already present on the network? Are all system and application updates current? It’s all part of our vulnerability assessments. Then we move on to penetration testing, which is basically us assuming the role of a real-world attacker and testing your system defenses. Can we craft a spear phishing campaign that gets employees, managers or owners to take the bait and divulge credentials or open an attachment? Can we infiltrate the network with a brute force attack? Can we simply guess admin credentials because of poor password policies? It’s all part of the mix. And of course we also do deep scanning for identifying and eradicating any malware problems that may already exist, including special testing for zero-day threats. When all of that is done, we generate a report which details everything we found, and provides specific remediation recommendations for each.”
“We can also assist with the entire spectrum of emergency incident response,” says Caruso, “from helping develop emergency response procedures from scratch if none exist, to strengthening policies and procedures already in place. We also have experienced cyber emergency responders on call 24/7 who are strategically positioned across the country to be able to respond quickly and effectively in the event the unthinkable happens and your network is breached, which when done right almost always significantly reduces the costly aftermath of a successful attack. We can also assist with awareness training, the importance of which should never be overlooked, especially since the most common vector of infiltration is the most easily fallible one, the being behind the keyboard and screen, the human element. In a nutshell, we help clients get on board with best industry practices to make them stronger going forward, whatever the starting point.”
Getting the Right Help Is Essential for Better Cyber Security
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.