Strategies for combating targeted attacks

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Earlier this week, I wrote about how modern-day targeted attacks don’t lend themselves to today’s security solutions. I’d like to follow up those thoughts by exploring strategies for combating these types of highly calculated threats.

While organizations focus on their business growth, they are also forced to contend with cyber criminals targeting their corporate networks to steal valuable information that can make them lots of money. As a result, evolving fraud professionals are truly changing how businesses protect their private data and fight cyber crime.

More and more of these targeted attacks go undetected by antivirus solutions. By the time a company realizes it has been hit, the malware has done its damage and stolen data, and the company moves into recovery and crisis management mode.

The article “Top 5 strategies for combating modern computer security threats” highlights that one of the reasons hackers have had so much success breaking in is that the corporate network perimeter has dissolved; the IT architecture in which a gateway firewall once protected office-based desktops and servers has crumbled. Adding to the problem is the daunting challenge IT professionals face in securing their networks against targeted threats and other exploits (at the web, email and endpoint) while operating with constrained budgets.

While businesses certainly understand they need to do a better job controlling and protecting their endpoints, the next question is how. The article points out some key strategies in doing so:

Strategy 1: Relying solely on traditional blacklist-based solutions to keep up with new malware being released every day is no longer effective.

Strategy 2: Large volumes of rapidly mutating malware require proactive, zero-day protection to protect against threats not seen yet.

Strategy 3: Finely controlling network access reduces the risk of infection and ensures security policies are being complied with by all computers.

Strategy 4: As legitimate but unauthorized applications introduce malware to a corporate network, application whitelisting prevents unauthorized and malicious software from running.

Strategy 5: Controlling and encrypting devices protects the data and ensures no unauthorized person can access it or the rest of their IT infrastructure.

As I mentioned in my previous posting, as cyber crimes evolve, so must our methods to stop them. While traditional antivirus has worked in the past, the game has changed. Organizations need to take a different approach — one that encompasses a variety of techniques including application whitelisting — if they are going to succeed at protecting their networks from modern attacks and malware.
