Gee, in one sense, that is not a big surprise.
On the other hand, given all the money and effort, you would think we would be winning.
According to security vendor Carbon Black, in just the last 3 months, they found that the percentage of time hackers used methods to cover their tracks jumped 5 percent. It jumped 10 percent in the last 6 months. Up to 56 percent of the time.
They did stuff like deleting logs, disabling anti-virus, hijacking legitimate programs and disabling firewalls. Among other nasty stuff.
By hiding they get to steal more stuff. Own the system. Own the entire network.
Part of the reason is that they are stealing intellectual property. 22 percent of the time. Up from 5 percent the previous quarter.
Also, the hackers are island hopping – a term meaning that once they own one network, they use that beachhead to compromise another company. They say that 50 percent of the reports for last quarter used island hopping as a technique to gain access.
Bottom line – the bad guys are evolving. You need to evolve too.
Unless you are okay with them stealing all of your intellectual property. And your customers.
Installing anti-virus and a firewall is NOT going to stop them anymore.
Part of what you need to do is get your employees to change their habits. That, unfortunately, is not easy.
For the most part, people want to do what is easy. That is why Google says that less than ten percent of their customers use two factor authentication, for example. It is not the easiest way to log in.
Then you need to lock down your systems (servers) and your network. The good news is that this will not impact your users very much but it will mean a lot of work for your IT team.
Since the hackers want to remain inside your network undetected, you need to need to try and detect them.
If they are good, a traditional SIEM won’t find them. Network Detection and Response tools are the next generation of SIEM.
Sorry for harping on this, but you have to protect yourself. No one else can.
The hackers are playing to win. You need to play to win also.
Source: The Register.