Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

A worm in a VW Golf ÃÂÃâ€Â" the blended threat analogy

CyberArk Software : 25 July, 2008  (Technical Article)
Calum MacLeod provides some insight into blended threats and how they affect us all
A few days ago I became the innocent victim of a "blended threat" attack when a Volkswagen Golf and a Hyundai Getz joined together and rammed my two week old car sitting in front of my house. As with all blended attacks, it was impossible to foresee that the idiot in the Golf would drive at 70 Mph in a 30 zone and that my neighbour would decide to turn right into her driveway just in front of him with the result that they would blend together and target my car. The police subsequently decided that the Golf driver was to blame.

Now some of you might be wondering what on earth I'm talking about. What is a "blended threat"? According to the AV folks this is "an attack combining a number of traditional attack methods, like a worm, a Trojan horse, and a keylogger", and like myself you might still not be any the wiser but it certainly sounds impressive. But the question is how susceptible are we to "blended threats", and are these the "blended threats" we really need to worry about.

Today everybody, including your grandmother, is using the Internet and the vast majority live in a state of paranoia that everyone from Bin Laden to the taxman are attacking your PC every time they connect. However you would have to be increasingly unlucky - or parked in the wrong place - to fall victim to this and especially in the corporate world. Your IT security team has probably seen to it that you have every form of defence known to man on your infrastructure. In fact your PC is probably so well protected you can't even use it, and yet there is hardly a day that goes by that someone doesn't fall victim to another form of "blended threat".

The key is that your IT security team are so focused on perimeter security and extended the perimeter to the end point that they have forgotten what they're supposed to be protecting, and equally importantly that the money to pay for frequently useless IT toys has to come from the business.

So why is security failing in spite of all this technology that is supposed to protect us against every theoretical threat that might possibly exist, Well probably because they're focusing on the wrong "blended threat".

The "blended threats" that pose the biggest risk are of a much more virulent strain than the odd virus or worm that finds its way to your PC. It's the "blended threat" of the dishonest employee who steal information from your business and the opportunistic taxman who is willing to pay him for it. Or it's the employee who used to work in the back office and now works as a trader on your banking floor. It could be the former IT employee who had privileged access to your systems and still has remote access, or the compliance officer who is being well rewarded for helping your competitor analyze your contracts. The biggest "blended threat" today is the worm you've hired to do a job and sets about to damage your business.

In a recent survey that Cyber-Ark conducted amongst 300 IT administrators, over a third admitted to using their privileged rights to access information that is confidential or sensitive by using the administrative passwords as a means of peeking at information that they are not privy to and snooping around the network!

Anyone who pays the slightest bit of attention, and hopefully your IT Security staff have, will be aware that the evidence has shown conclusively that up to 90% of incidents in business relating to the loss of assets results from staff that have privileged access to IT systems and applications. Another interesting side note from the study is that 57% who were responsible for the fraud should not have had authorised system access at the time of the attack. Some other minor stats that should not go unnoticed are that 81% of the organisations that are attacked experience a negative financial impact as a result of insider activities; 75% of the organisations experience some impact on their business operations, and 28% of the organisations experienced a negative impact to their reputations! I don't know of any worm, Trojan horse, keylogger, virus, or whatever else that can claim that level of success - unless a terrorised granny watching the news and believing that the latest computer virus will destroy world order in the next 24 hours!

If you want to deal with the real "blended threat" then protect your assets. This means that information that is essential to the life of your business is only accessible to those who need to get access to it. And if you think that this is all science fiction then let me share some of the requirements that I recently received from a company that understands what is of value. Among their requirements are:.

* End-to-end encryption of stored data and transmitted data.
* User-to-user information exchange via a secure digital vault.
* User-to-system or system-to-user information exchange. For example, automated systems processes to transfer files into the secure digital vault using a secure file transfer
* Reduce the need for manual intervention, facilities such as automatic email notification of files uploaded or retrieved.
* Secure tamper-proof audit trail that cannot be modified by IT personnel.
* Allow information owners to control who can access their data in the secure digital vault, allow Audit to review who has accessed data without actually being able to see the data itself, and allow IT administrators to perform backups / restores / manage quotas without having visibility of the data itself.
* Provide reports on secure activity, e.g. file uploads and retrievals, user creations and password changes, access right changes, failed authentication attempts, etc.
* Capabilities to limit the sources from which external users can access the data over the Internet.
* Provided guaranteed delivery of large files, including resuming of partial downloads that were not completed due to network errors.

These requirements should be de-facto for any business, and it's up to the business to take the lead and not continue to be dictated to by IT staff who don't understand the business. As for me I've decided my car goes in the driveway from now on!
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo