Antonio Forzieri: Cyber resilience demands strategic action
In a hyper-connected world that is constantly facing rapid changes in IT, driven by technologies like virtualisation, cloud computing and mobility, cyber resilience now calls for strategic action if enterprises are to mitigate risks.
That's according to Antonio Forzieri, EMEA cyber security practice lead at Symantec, who was presenting at the ITWeb Security Summit in Sandton yesterday.
"The problem with the emerging technologies is that organisations have to embrace them or they die," he said. "This puts organisations at risk."
According to the World Economic Forum, cyber attacks rate as the third biggest risk facing enterprises today, said Forzieri, adding that threats have evolved from simple jokes to complex identity theft.
He said the modern-day attacks are being driven by hacktivism - mostly characterised by DDoS attacks and Web defacement. Cyber criminals are also being motivated by the need for financial gain and they have developed tactics like banking Trojans, extortion and scams to steal money.
Espionage and sabotage are the other drivers, with the cyber criminals making use of targeted attacks to meet this end, he explained.
"In 2013, there was a 91% increase in targeted attacks," Forzieri revealed. "The major hacks included Sony, which lost 77 million user accounts to hackers. In June 2012, some six million LinkedIn passwords were posted online, and in February 2013, 250 000 Twitter user names were stolen.
"In October 2013, Adobe also had 153 million usernames and passwords posted online and the latest incident involved eBay, which was also hacked."
Thus, we can call 2013 "the year of the mega breach", said Forzieri, explaining that eight of the top 10 breaches involved more than 10 million identities, while the average number of identities exposed was four times greater than in 2012.
Typically in these breaches, Forzieri stated, cyber criminals look for e-mail addresses, financial information, user names, passwords and insurance information.
Botnets have also been extensively used to steal data, said Forzieri, detailing a multi-stage "drive-by" technique. In the first stage, an attacker compromises a Web application and inserts a hidden link inside the legitimate app. In the second, a legitimate user visits the compromised app. Usually, users are redirected to these apps via SEO poisoning attacks, said Forzieri.
The third stage involves the user being silently redirected to a server under the attacker's control, where a first-stage payload is installed on the user's PC by exploiting a vulnerability. Next, the first stage is executed on the user's end-point and downloads a second stage. The multi-stage method helps bypass security controls, he explained.
In the fifth stage, the installed malware collects information and sends it back to the drop zone server, Forzieri noted, and finally, the attacker downloads the stolen information from the drop zone, eventually connecting through an anonymous proxy.
"Faced with such risks, organisations must break through the glass ceiling between IT and the business," he urged. "They should also review their security programme and become risk-aware by involving technology, people and processes."
This encompasses responding to incidents and requests; more comprehensive security controls; a more holistic view of the threat landscape; measurable and auditable IT; proactive and preventative risk-based approaches; as well as innovative offerings with business alignment, said Forzieri.