It doesn't matter how much you spend on security technology - it may not be enough to mitigate against the new breed of advanced threats.
|Download Full Opinion Paper|
Studies by security specialist FireEye and its services division Mandiant reveal just how today's threats have evolved - and four compelling reasons why enterprises may need to re‑evaluate their security systems and processes:
- Security breaches are almost inevitable. FireEye found that a large proportion of the organisations it was investigating had been breached, with at least one attacker bypassing all security layers in a six-month period.
- Most breaches are serious. In three-quarters of the organisations, the company discovered the perpetrators had control over the compromised systems.
- Many breaches are hidden and long-lasting. Mandiant found that attackers were present on victim networks for a median of 229 days before being discovered.
- Industrial espionage is real. The company uncovered definitive evidence that international hackers had stolen secrets from Australian companies.
Is your organisation already breached?
Distributed denial of service (DDoS) attacks, hacktivism, SQL injections, ransomware and zero-day attacks...the threats are becoming more sophisticated, but perhaps none more so than advanced persistent threats (APTs).
An APT typically attacks an enterprise over an extended period of time using multiple, highly targeted intrusion techniques. The perpetrators' aim is to gain privileged network access. So it doesn't matter if data is located in the cloud or on-site; once the attackers have infiltrated the organisation, they can quietly steal data until they're discovered - which, without the right solution, can take months.
Fighting the new threats
Technology on its own can no longer protect business networks and data from threats such as APTs. Of course, traditional security systems are still important to block known malware and random attacks, but guarding against targeted threats requires a combination of effective technology, security intelligence and analytics, incidence response capability, and highly skilled security specialists.
After all, as several recent well-publicised incidents have shown, security breaches can have a serious and ongoing impact on your organisation's reputation.
To learn more about how to protect your enterprise against advanced, targeted threats, see our paper On guard.
 M Trends: Beyond the Breach, Mandiant, 2014, www2.fireeye.com/fireeye-mandiant-m-trends-report.html.