The Economic Realities of IT Security - Dell Layered Security


Upload: dell-for-business

Post on 19-May-2015


The Economic Realities of IT Security

Security In Depth
By Mike Vizard, Tech Security Today

February 6, 2012

We all know there’s no such thing as “perfect” security. Given enough time and resources, a hacker can get past most security defenses. But cybercriminals are looking for easy targets, weighing the benefits of a potential score against the amount of time and money necessary to attack the target. Just as in the physical world, where robbers tend to stay away from houses with a lot of security in place, cybercriminals focus on cracking IT systems that have minimal security. That means cybercriminals will be a lot less inclined to hack into systems where IT organizations have implemented multiple layers of security.

Classes of Cybercrime

There are generally three major classes of cybercrime. The first, known as “hacktivism,” is on the rise because certain groups such as Anonymous hack sites as part of an effort to make a political statement. The second major form of cybercriminal activity is motivated purely by profit, and the third major type of cybercrime is termed “digital espionage,” in which groups acting on behalf of a foreign government attempt to steal classified documents and intellectual property.


In all three cases, time is a precious commodity, and the hackers look for the path of least security resistance. More often than not, they’re not interested in the activities of your business specifically but in those of the organizations your company does business with. In hacking into your site, their goal is to install malware that will make it a lot easier for them to compromise the security of much higher value targets.

These efforts are leading a lot of companies to redefine the network perimeter; in reality, the perimeter now extends to every organization and person the company does business with. Securing that perimeter may seem like an impossible task, but as security technologies become more sophisticated, it’s becoming much easier to deploy a defense-in-depth strategy based on layers of security technologies.

Redefining the Perimeter

Clearly, cybercriminals are becoming more sophisticated. They use automated networks of systems known as botnets to launch attacks. There’s even a black market for “attack kits” that cybercriminals can customize to launch any number of attacks. Increasingly, many of those attacks are of a “zero-day” variety, which means the IT security industry has yet to identify the signature of that particular attack, so there is no specific anti-malware solution in place yet to defend against it. Worse yet, cybercriminals are making greater use of advanced persistent threats, a form of attack designed specifically to compromise the security of a specific organization or class of organizations.

Unfortunately, most of the defenses many organizations have in place today are simply not up to the security task. Most security investments these days are made up of firewalls at the perimeter and anti-malware software at the endpoint. Alas, with the rise of mobile and cloud computing, the perimeter has become porous, and there must be a lot more emphasis on securing endpoints that attach themselves to the corporate network intermittently.


Unfortunately, however, the IT organization doesn’t know what malware-infected sites those devices might have accessed when they were off the corporate network. At the same time, hundreds of thousands of new malware threats are being created by a legion of programmers leveraging botnets to automate the delivery of their payloads. To combat that threat, the rules that make up the heart of any firewall defense must be updated continuously to address new and emerging threats. That’s difficult to accomplish when most IT organizations are dependent on manual processes to perform those updates.

The Pressing Need for IT Automation

It’s becoming imperative that IT organizations find a more efficient way to secure their environment. If cybercriminals are leveraging more automation, then it stands to reason IT organizations should invoke more automation to defend against those attacks. There’s simply no way the average IT organization can afford to keep throwing people at exponentially more complex security problems, especially as it adopts technologies such as virtualization and cloud computing and sees a dramatic increase in the number and type of endpoints that must be secured.

At the same time, IT organizations must recognize that while securing their environment has become a critical business issue, the process of securing the environment doesn’t add any material value to the business. The more organizations invest in automation, the more they free up IT resources for other business-critical tasks. And while many IT organizations may opt to automate IT security management on their own, others will turn to providers of managed security services such as Dell SecureWorks. Organizations that do so will not only have greater security expertise at their disposal, they will also be able to deliver consistently high levels of security at a much lower cost than the average IT organization.

Summary

IT organizations have never before been under attack as much as they are now. IT organizations of all sizes are now on the front line of a series of cyberwars that involve spies, criminals and political activists who are all looking to advance their agendas by any means necessary. Increasingly, that means looking for the weakest link in a supply chain of information that could reside in even the smallest of companies. While it may not be possible to keep the most determined of hackers from breaching your security, it stands to reason that the harder you make it for them, the more likely they will focus their attention somewhere else. Regardless of motivation, cybercriminals, like everyone else, have limited time and resources.

Dell Security Services

Managed Security

• Security Monitoring
• Managed IDS/IPS
• Firewall Management
• Web App Firewall Management
• Log Management
• SIM On-Demand
• Vulnerability Management

CTU Intelligence

• Threat & Vulnerability Feeds
• Advisory Feed
• Emerging Threat Bulletins (CTU Tips)
• MS Update Analysis
• Live Intelligence Briefings
• Bi-weekly Cybersecurity News Roundup
• Malware Analysis
• CTU Support
• Attacker Database Feed

Security and Risk Consulting

• Identity & Access Management
• Testing & Assessments
• Compliance & Certification
• Incident Response & Forensics
• Program Development & Governance
• Architecture Design & Implementation
• Expert Residency


ABOUT TECH SECURITY TODAY

Tech Security Today is committed to providing insights and actionable recommendations to help small-to-medium businesses cost-effectively maintain security. To achieve that goal, we have invited a number of notable bloggers and industry experts steeped in security knowledge to share their thoughts on best practices for setting security policies to prevent issues from occurring in the first place and then how best to remediate breaches once they occur.

www.techsecuritytoday.com

ABOUT THE AUTHOR

Mike Vizard has more than 25 years of experience covering IT issues in a career that includes serving as Director of Strategic Content and Editorial Director for Ziff-Davis Enterprise, which publishes eWeek, Baseline and CIO Insight. Vizard has also served as the Editor-in-Chief of CRN and InfoWorld. In addition, he served as a senior editor with PC Week, ComputerWorld and Digital Review.