Do you feel nostalgic for the days when the biggest threat to government networks was a computer virus? Today, zero-day and targeted attacks dot the threat landscape and are more likely to be perpetrated by organized crime or state-sponsored groups than by kids in the basement.
The chronic problems of malware and phishing have grown worse — 5,291 new vulnerabilities were reported in 2012, according to Symantec's 2013 Internet Security Threat Report. Traditional security tools aren't enough to combat cybercrime. Governments must apply new technologies to stop advanced persistent threats and protect confidential citizen information.
Attacks against public-sector organizations dropped from 25 percent in 2011 to 12 percent in 2012, the Symantec research shows. Let's hope that downward trend continues through 2013. But while the number of attacks has decreased, the sophistication of the attacks is troubling because cybercriminals watch and wait to learn about their intended victims before striking.
For example, a May "watering hole" attack targeted nuclear researchers who develop atomic weapons. Exploiting a zero-day vulnerability in Microsoft Internet Explorer, hackers injected code to redirect visitors from U.S. Department of Labor website pages about the health effects of radiation exposure to another site, where their computers were infected with the Poison Ivy Trojan.
Antivirus software-makers concede that tools alone don't offer adequate protection. What's needed is a proactive approach to security that allows only trusted applications to run and blocks everything else by default.
Watch the Behavior
Fortunately, a new arsenal of cyberwarfare weapons helps prevent malware from permeating the network. One such technology is sandboxing, which isolates untrusted code in a container to gauge what impact it has on endpoints. Gartner expects that usage of containment mechanisms for such content will grow from less than 1 percent in 2013 to 20 percent by the end of 2016.
Later this year, McAfee will integrate the ValidEdge antimalware sandboxing technology it acquired in February into its endpoint and network defense wares. The technology will also provide signature information to automatically remediate malware through the McAfee ePolicy Orchestrator security management platform.
Check Point Software recently announced that its Check Point Threat Emulation Software Blade has detected evolving phishing and bot attacks aimed at employees of several large global organizations. The sandboxing technology discovered the attacks before antivirus signatures for a particular vulnerability were made available.
Meanwhile, next-generation firewalls, which perform deep packet inspection to identify malware and offer granular control, have gained traction. And cloud-based security services for vulnerability management are gaining popularity because they enable governments to gain best-of-breed capabilities without incurring the capital costs of hardware and software purchases.
Of course, these new security capabilities supplement rather than supplant tried-and-true measures and best practices. Organizations are also wise, for example, to deploy multiple layers of endpoint protection, aggressively install patches and software updates, implement encryption, require two-factor authentication, perform continuous monitoring and conduct regular security assessments.
History indicates that once a vulnerability is repaired, hackers will simply move on to the next one. It's only by devoting more resources to cyberdefenses and maintaining constant vigilance that organizations can hope to ward off ever-evolving threats.