A new survey from Lieberman Software Corporation has revealed that 78% of IT security professionals retain their faith in firewalls and anti-malware tools, saying they are robust enough to combat modern advanced persistent threats.
Such findings, Lieberman says, highlight the fact that while cybercrime continues to rise, many organisations are still dangerously relying on outdated perimeter security solutions to defend against the latest threats.
Conversely, the survey, which was undertaken during Black Hat USA in August 2014, also revealed that 22% of those surveyed thought tools such as firewalls and antivirus were unable to offer a sufficient defence against APTs.
Lieberman believes that figure should have been much higher considering how many organisations now suffer from advanced targeted cyber attacks. The company’s CEO, Philip Lieberman, said:
“Our survey reveals that while the majority of organizations are prepared for amateur hackers and low-level criminals, they are completely ill-equipped to deal with today’s advanced attacks. Traditional perimeter security products are effective at spotting and stopping known threats, but they can’t keep up with today’s rapidly increasing volume of advanced targeted attacks. The most effective methods for securing yourself from these types of attacks are the use of air-gap networks (machines not connected to the internet) that disconnect systems with sensitive data. Assume that others have already penetrated your network and institute multi-factor authentication and adaptive privilege management to assure that a compromised system is not a jumping off point for an organisation wide attack.”
Cybercrime is arguably running at an all time high with many stories with the media covering many stories recently, from data breaches at Staples and Home Depot to bogus chip and pin credit card charges.
There have also been stories about Russian cybercrime gangs infecting hundreds of thousands of PCs around the world with malicious software used for stealing banking credentials and extorting computer owners, the perilous nature of outdated ATM infrastructure and, of course, the continued posting of compromised passwords online, again and again.
These stories should, says Lieberman, act as a warning to encourage organisations to implement proper defences which can cope with today’s advanced targeted attacks.
Lieberman added that organisations need to look beyond perimeter products and consider security awareness as well as better training for their IT staff:
“The latest targeted cyber-attacks on government organisations and high-profile companies show the need for better awareness and responsiveness in cyber security. Organisations should no longer be solely dependent on perimeter security products, like firewalls and intrusion detection, to protect their systems. Today they need IT staff who are better trained to identify potential attacks, and defense-in-depth security solutions that can restrict lateral movement in the network when attacks do manage to penetrate the perimeter.”