Would you change your behaviour if you knew you were targeted?

Opinion by Richard Stiennon

Media headlines and warnings from security experts and government agencies pale in comparison to the sure knowledge that you have been targeted.

Would you change your attitude if you knew someone, or some organisation, was after your data? In 15 years of talking to people about improving their security, I repeatedly hear the response: "But we are just a [insert benign industry here]… who would want our data?"

Industry by industry, organisations have learned the hard way that their data is valuable to someone. Banks, stock traders, software vendors, payment processors, retailers, hospitals, NGOs, militaries and governments have discovered through very public breaches that their data is indeed wanted by some bad actors, be they hacktivists, cyber criminals, competitors, insiders or foreign agencies.

So imagine for a minute that you get clear intelligence that you or your organisation has been targeted. It could be as blatant as Anonymous threatening you for some perceived slight. You may see your organisation's name appear in the press, or you may get an alert of a spear phishing attack against an executive.

Once you realise you are the target of an adversary, your approach to security transforms. You circle the wagons; you check your access logs; you take the results of your vulnerability scans seriously. You consider updating and patching your operating systems and revisiting your firewall policies.

However, this does not go far enough. It may protect you from attacks that target a broad swath of targets, but if the adversary is determined, they will bypass even systems that are patched and running the latest anti-virus signatures.

They will use zero-day vulnerabilities, target your more-vulnerable partners or find systems that do not even run anti-virus software. To protect your endpoints from this level of targeting, you need to lock them down so no unauthorised code can run. This is what whitelisting does. The droppers, remote access and Trojan applications used in targeted attacks will not run.

Is that all you have to do? Of course not. Targeting involves a lot more than computers and networks. A determined adversary will go to great lengths to get what they are after. Bribing, blackmail, breaking and entering, and infiltrating take data protection into the human and physical realms. Why make it easy for your attacker? Protecting desktops and mobile platforms from relatively simple attacks is the first step. Beefing up your background checks and internal monitoring is next.

Richard Stiennon is founder and chief research analyst at IT-Harvest
