Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Norwegian Military Cyber Attack Demonstrates High Level Of Targetting

Venafi : 26 May, 2011  (Technical Article)
Venafi comments on the trend for cyber criminals to become more targeted in their choice of victim with the Norwegian Military being the latest such target
Norwegian Military Cyber Attack Demonstrates High Level Of Targetting

Reports that the Norwegian military has admitted to being targeted by a potentially serious cyber attack should act as a wake-up call to UK organisations on both sides of the private/public-sector divide, says Venafi, the Enterprise Key and Certificate Management (EKCM) solutions specialist.


According to Jeff Hudson, Venafi CEO, the rash of targeted cyber attacks in recent weeks against several major corporates such as Sony - and now attacks against military targets - shows that the cybercriminals are refining their attack strategy.


"It doesn’t take an industry expert to know that “the bad guys”, aka hackers, will always target the most vulnerable area of a company’s security fabric. Often the weakest link is poor encryption key and certificate management. Where previously cyberattacks against government systems and major corporates could be shrugged off or overlooked because of the efficacy of conventional, multi-layered IT security systems, it's clear that a new strategy is called for," he said.


"That strategy now needs to draw in allied technologies such as pervasive  encryption of all data—both at rest and in motion—which requires effective access controls and key and certificate management to protect an organisation's private data, which of course, is what the cybercriminals are really after in these types of attacks," he added.


The attack on the Norwegian military - in which 100 senior members of the country's defense department received an email plus attachment that appeared to come from the government - was carefully planned and well executed, says Hudson, who added that it was interesting that at least one person is reported to have opened the attachment. This launched an unknown malware that executed commands that compromised the machine before it was stopped from spreading further.


This proves that - despite the best of security training and the high levels of security defences that military systems have - all it takes is one click and the integrity of an organisation's IT resources are then put at risk.


What needs to be developed, he explained, is a holistic approach to security that actually steps beyond the boundaries of conventional IT security and into new areas such as defending intellectual property rights and general working practices, as well as using integrated security to defend an organisation's digital assets.


There is now, says the Venafi CEO, clearly no such thing as a security silver bullet, so we have to start from the premise that an organisation's IT systems will be compromised in one form of another.


This isn't defeatism, says Hudson, but pragmatism at play. If you start developing a security strategy on the basis that the IT resource may be compromised by unknown means at some stage in the future, then you can better defend your valuable and sensitive digital assets.


"The Norwegian attack is an interesting example of this. It's unlikely that Norway's military will reveal the full facts of what happened, but it sounds as though their internal security systems were able to lock down the effects of the malware before it took hold," he said.


"This proves that a strategy of using multiple technologies, such as automation of key encryption and data protection systems, as well as good processes and best practices, can be useful. The days of set-it-and-forget-it IT security are now gone. Organisations need to wake up and smell the coffee," he added.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo