Advanced security threats are increasing, but simply adding more layers of defense does not necessarily increase security against targeted threats; security controls need to evolve, according to Gartner, Inc.

“Targeted attacks are penetrating standard levels of security controls and causing significant business damage to enterprises that do not evolve their security controls,” said John Pescatore, vice-president and distinguished analyst at Gartner in a press release issued in advance of the company’s Security and Risk Management Summit, Sept. 19-20 in London. “For the average enterprise, 4% to 8% of executables that pass through antivirus and other common defenses are malicious. Enterprises need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats. There are existing security technologies that can greatly reduce vulnerability to targeted attacks… The major advance in new threats has been the level of tailoring and targeting—these are not noisy, mass attacks that are easily handled by simple, signature-dependent security approaches.”

Targeted attacks aim to achieve a specific impact against specific enterprises, and have three major goals:

Denial of service: Disrupting business operations.

Theft of service: Obtaining use of the business product or service without paying for it.

Information compromise: Stealing, destroying or modifying business-critical information.

The motivation for advanced targeted threats is usually financial gain, such as through extortion during a denial-of-service attack, trying to obtain a “ransom” for stolen information, or selling stolen identity information to criminal groups, the company said. Through year-end 2015, financially motivated attacks will continue to be the source of more than 70% of the most damaging cyberthreats.

Gartner believes a “lean-forward” approach is a key strategy companies can implement to deal with advanced targeted threats:

“Businesses and government agencies involved in critical infrastructure, high-tech, or financial operations that are constant targets of cybercrime and other advanced threats need to add ‘lean-forward’ capabilities to have continual visibility into potential attacks and compromises.” Pescatore said. “The use of specialized threat detection, network forensics, and situational awareness technologies can be very effective in quickly detecting and reacting to the first stages of an advanced targeted threat, but require high levels of skilled resources to be effective.”

Other strategies Gartner cited are”

• Evolve defenses; don’t just add layers: The best approach to reducing the risk of compromise is always “security in depth.” This doesn’t mean simply buying increasing numbers of security products, but also having the staff and operations support to use and integrate everything together. Having more security layers does not automatically mean more security.

• Focus on security, not compliance: There is a big difference between compliance and security. “Due diligence” from a compliance perspective is simply limiting the company’s liability from legal action—it is never the answer to dealing with advanced threats or living up to customers’ trust.

http://www.gartner.com/it/page.jsp?id=1774514