Most of the things our industry has learned about targeted attacks were realized the hard way: through analysis of successful attacks. Our realizations have so far revealed just how unfamiliar we are with the “battle ground” we are currently in, and how that unfamiliarity has caused the industry to be unable to understand what is needed to deal with such attacks. But why is this so? Do the attackers really have the upper hand? The answer, unfortunately, is yes.
To put it simply, attackers have a greater level of control and a wider range of resources. They get to decide on the very nature of the threat — how and when the attack will play out. They can employ the use of the numerous tools available on the Internet, including legitimate services. More importantly, they can get intelligence on what they are up against – they can do research on the target and find information that can make infiltration easy and almost undetectable.
And while attackers are able to utilize such flexibility, targets, on the other hand, are faced with multiple limitations that even by themselves are already difficult to manage. With the dawn of consumerization and rise of mobile computing, it is already a big struggle for companies to identify their own network, even more so to protect it. They can only do so within the limitations of available strategies, whatever control they have over the network, and the awareness of their people.