You are an APT target

Phillip Ferraro, CISO, DRS Integrated Defense Systems and Services

Almost every week we read in the news about another organization that has been hacked. Cyber espionage is at an all-time high, and businesses across the United States are being targeted and breached. Many of these attacks are nation-state sponsored, otherwise known as advanced persistent threats (APTs). However, organized crime and other hacker groups are also responsible for many of these attacks. Their goal is simple: Breach an organization and steal its intellectual property, trade secrets and other business-sensitive information to gain economic advantage.

In February, security firm Mandiant released a 60-plus-page report detailing its investigations over a six-year period into an extensive cyber espionage campaign conducted by one of the many APT threat organizations inside China. This one particular group, which the firm identified as APT1, allegedly stole hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006.

The point here is very obvious. If your business is connected to the internet, you are at risk. Every CEO, C-level executive and board member must know and understand this risk. Too many businesses are of the opinion that only government organizations or defense contractors are at risk of being targeted by an APT. In fact, it is the modus operandi of APT operators to go after smaller vendors in the belief that their security posture is lower, making them an easier target to breach and then use as a pivot point to reach a larger organization. This was the strategy used against security organization RSA. One of its smaller supply chain vendors was breached. The attackers then sent an email attachment with malware from inside the breached organization to RSA, consequently infecting the security firm. But even in this example, RSA was not the final target. It too was merely a pivot point used to breach a much larger defense contractor.

CSOs and CISOs must fully understand the threat and the method of operations of these malicious actors. It is extremely important that they educate the executives of their organization on these threats. When presenting to C-level management or to board members, the CSO/CISO must keep in mind that cyber security is not an IT function. Rather, it is a business function. The threat must be explained in terms of the impact that it can have on the business. Not only can containment and mitigation of a breach be extremely expensive, but the loss of intellectual property, trade secrets, sensitive business information, and years of R&D work, not to mention brand or reputational damage, can put an organization out of business.
