It’s another big information security story day at the New York Times. Three weeks after their big story detailing the Advanced Persistent Threat (APT) attack against their network, today they have a story detailing the ongoing espionage and corporate espionage against companies and organizations around the world.
It’s a very interesting and very detailed story. It’s well worth the read. And toward the overall goal of protecting people, it’s extremely valuable from an industry perspective because it shares a wealth of information that can be used to provide protections broadly. You can be sure our analysts are going through the report and ensuring we have protections for anything we don’t already protect against.
But for customers, I would argue that while this story is entertaining, last week’s 2012 Advanced Persistent Threat (APT) Awareness Study released by ISACA is a more important read because it has more relevant information on how to protect your company or organization. The New York Times article is a good read but the ISACA report can help keep you from ending up in the next New York Times story.
The important thing that we saw in this survey is a serious disconnect between people worrying about APT attacks and understanding how they work. 63% said they were likely or very likely to be the target of an APT attack. But at the same time almost as many, 53.4%, said that APT attacks are “similar” to conventional threats. This means that only a little under 10% (9.6% to be exact) of respondents see this as a threat and understand that this is a different kind of threat and requires a fundamentally different kind of approach to meet it.
When stories like this hit, customers often ask “Am I protected against this attack?” What they really mean in most cases is “Are your signatures up-to-date to catch this attack?” The right answer to that question is that it doesn’t matter: these attacks are designed to be undetected by signature-based endpoint security. We saw this in the attack against the New York Times. In fact, we believe that these attacks generally are tested against signature-based endpoint products to ensure they’re not detected. Yes, we do protect against much of the malware outlined in the report and are building new protections for new malware. But this underscores that reactive, signature-based endpoint security can only be a piece of your overall posture to protect against APTs. These are custom attacks and defending against them requires a different approach, a custom defense that employs advanced detection technologies that can discover an attack before real damage can be done.