Last month, one of the largest cyber attacks in recent history, whose victims included thousands of companies and 10 U.S. government agencies, was uncovered.
The attack, which was later dubbed the "Kneber Botnet," allowed hackers to access login credentials to online financial systems, as well as to social networking sites and e-mail systems.
One company that is trying to keep organizations and government institutions on top of cyber threats is Florida-based IT data security firm Fischer International. In this "At the Frontline," SIW speaks with Fischer's president and CEO, Andrew Sroka, about the growing number of cyber attacks and what companies can do to protect themselves.
With the recent news that thousands of companies, as well as several U.S. government agencies, have fallen victim to the Kneber Botnet, what are some steps companies can take to protect their data from hackers?
Kneber is kind of an interesting event for a variety of reasons. First of all, it is not exactly groundbreaking hacker-type technology. If we really look at the metrics of what Kneber is, it is relatively old Zeus spyware or botware that's a newer variant which has been employed to develop this large network. Seventy-four thousand assets over 196 countries is pretty large by anyone's standards. It's not exactly earth-shaking technology and what is really being exploited by Kneber and Kneber-like Zeus infections is poor security policies that are in place at these organizations. Fischer's perspective is that organizations have a tendency to become complacent with their security profile in that we think we have anti-virus in place, so we're ok there; we think we have intrusion detection systems and that we're ok there; and we have employed the right software tools in our organization to defend against these external threats. I think organizations have to overcome that (event-driven reaction to security mindset) when it comes to implementing security. Security is a process, so establishing control over assets and establishing policies within an organization as they relate to security (and) to prevent these credential breaches are key. (The hacking industry) is the only industry that consistently demonstrates innovation.
Where do many of these cyber attacks originate and what is being done in those areas to curtail cyber criminals?
I think that the better question would be where are they not coming from? With Kneber in particular, there were several countries involved as sources, predominately China, but it wasn't relegated specifically to just Chinese assets. Pretty much any country or geographic region that has access to the Internet could be potentially a source, as well as that source that most organizations don't want to talk about, which is the internal threat that's often a big part of the problem. There are organizations and law enforcement partnerships across various countries that are trying to establish ways to manage and eliminate some of the threat of hackers, but it is a very elusive and evolving process and it's not something that any one government, or federal agency or regulatory agency can say they have a handle on managing.
How can organizations protect themselves against insider threats from employees who may want to steal sensitive data as an act of revenge?
That's probably the hardest part of the security profile for organizations to mitigate. Again, it goes back to the overarching theme that companies don't want to think that that threat is as real as it is. And not just malicious activities, but inadvertent activities can expose organizations and their data. The forefront of that process is access control, a very well-defined access control policy and systems to enforce access control... and constant audit and verification of that access control, such as password policies and enforcing password policies. A lot of it, when it comes to the insider threat, is education and establishing acceptable-use policies and enforcing acceptable-use policies and using tools that are available on the market that can enforce and manage access to that organization's data.