The disclosure by The New York Times that it has fallen victim to a Chinese cyber attack has generated a wave of concern about the ability of organisations to protect themselves against targeted cyber threats. According to BAE Systems Detica, prevention alone is no longer a viable security strategy – today’s news is a stark reminder to organisations that currently have no means of monitoring for evidence of on-going attacks against their business that they must always be vigilant, especially when it comes to sensitive information.
David Garfield, Managing Director, Cyber Security, BAE Systems Detica, comments: “This cyber attack on the New York Times has the hallmarks of what we would class as a tactical intrusion – an attack triggered by an event which intelligence agents have an interest in collecting information on.
“As the New York Times article points out, traditional security technology such as firewalls and anti-virus do not stop these events. They were never designed to counter the type of bespoke targeted attacks by adversaries with a strategic interest in accessing an organisation’s networks.
“We have investigated intrusions, from similar origins, against media organisations - attacks devised to steal sensitive information such as correspondence around a specific topic of interest between journalists and their sources. These attacks aim to view the content of conversations, who the sources are, or what the next story angle might be. This type of activity is obviously an acute worry for any news organisation.
“Organisations shouldn’t ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise. It is excellent work by The New York Times to discover this attack and in particular to disclose it in such detail; this should greatly help in the fight against our cyber adversaries going forward.”