Security model is not good enough to protect against targeted attacks

The old security model is doing an 'okay job' when it comes to preventing targeted attacks and advanced persistent threats (APTs), according to an industry expert.

 

Speaking at an event in London, Trend Micro's vice president of security research Rik Ferguson said that there is a big change in the means of attack, as it is now more targeted and the classic model can only do so much against a situation where an individual is directly targeted. He said: “You can draw conclusions that APTs are designed to overcome traditional security. If you want to get past security, then traditional technologies are not designed to stop targeted attacks.

 

“Rather than traditional technologies, what we should be doing is looking at context, which means keeping hold of what we do well and what is trusted, as by looking at the trees rather than the forest you get a better picture.”

 

Ferguson lauded Trend Micro's Deep Discovery software as such a technology, saying that other vendors had made acquisitions to meet this level of protection – citing McAfee's acquisition of Secure Computing as a good example.

 

Recent research by Trend Micro and Quocirca found that 72 per cent of European businesses had suffered a 'significant' targeted attack on their networks, with respondents saying that targeted attacks had either been a concern for some time, or would be an increasing concern in the next 12 months.

 

The survey of 300 businesses found that 52 per cent of respondents said they were not deploying or evaluating any tools to specifically help mitigate this insidious new threat. Just under one-third said they would devote less than ten per cent of their budget on targeted attacks in the next 12 months.

 

Quocirca director Bob Tarzey said that of these figures, the UK breakdown showed 49 per cent of respondents were concerned and they needed to take awareness on board. A quarter (25 per cent) said it was a concern 'for some time', while 18 per cent said that there was no concern.

 

He said: “This shows that there is a long way to go for any organisation who thinks that it is protected.”

Sign up to our newsletters