New Study Reiterates the Dangers of Advanced Persistent Threats for Network Security
When we last spoke about advanced persistent threats (APTs), the New York Times had just fallen victim to an attack that used malware to create new network patterns that allowed it to remain undetected by traditional network security systems. Unfortunately, APTs have only grown in prominence, and malice, since then.
Recently, Dark Reading published an article highlighting the findings of a new Ponemon Institute study, which revealed that organizations have suffered an average of nine APT attacks in the past 12 months. If that isn’t alarming enough, almost half of those organizations confessed that hackers successfully stole sensitive information from their corporate networks. The main reason these types of threats are so successful is how long cyber criminals can remain undetected in networks. Because these types of attacks are so stealthily coded and utilize multiple attack vectors, IT administrators usually don’t realize their corporate networks have been infiltrated until they notice anomalies in network behavior. Prior Ponemon Institute research suggested that APTs average 225 days in networks before they are detected. To put it bluntly: that’s far too long.
Rather than relying on what are clearly inefficient ways to detect APTs, enterprises need to take a preventative approach, including using technologies such as centrally managed remote access control solutions, which can actually prevent network breaches from occurring. For example, centrally managed VPNs give IT administrators the ability to monitor and control all remote communications with the corporate network. They also ensure that all communications with a corporate network are encrypted, which prevents attackers from snooping on sensitive information.
A lack of sufficient endpoint security tools and lean internal resources were noted as the main reasons APTs take so long to detect. However, by adopting a comprehensive security framework that lets components communicate, remote access solutions can work in tandem with endpoint security tools like antivirus software, intrusion prevention systems, firewalls, etc. to provide a better defense against APTs than the sum of their parts. Letting network and security components communicate also helps IT departments do more with less, because IT administrators will spend less time configuring each individual component. That being said, all of the right tools are of little use if proper precautions aren’t taken.
Employee education is an essential part of any centrally managed remote access system, and it can take a substantial amount of pressure off of IT administrators. For example, consider the fact that half of the respondents from the Ponemon Institute study said that the APT attacks they experienced originated via phishing. It’s logical to conclude that if their employees had known what to look for in a malicious email, advertisement, etc., the hackers would not have been able to use those devices and identities to breach the corporate network.
We recently discussed how security was a top priority for network professionals in 2014, despite their expectation of very little change to current budgets. According to the study, 31 percent of respondents indicated they have insufficient in-house resources to properly ward off APTs. Centrally managed VPNs, when combined with educating employees on the risks of insecure remote access and with other security components such as firewalls, intrusion detection systems and antivirus software, help safeguard corporate networks in a fiscally responsible way. IT administrators searching for cost-efficient secure remote access solutions need to take a good hard look at centrally managed VPNs, especially given the increasing prominence of APTs.