All the latest UK technology news, reviews and analysis

V3 Storage Summit: Signature and encryption-based defences will not keep hackers out of your data reserves

29 Jan 2014
Security padlock image

Businesses are leaving their data open to abuse by believing traditional outdated security practices will protect them against hostile hackers, according to security firm FireEye.

FireEye's European director of systems engineering Yogi Chandiramani told V3 that traditional defences are no longer able to deal with the advanced cyber threats businesses now face.

"The first problem is all today's advanced threats and malware are capable of bypassing traditional tools, ones that are filtering or signature based. At a basic level this is because the hackers know them, they've been around so long the attackers know how they work," said Chandiramani.

"Already we're seeing a high number of zero-day exploit attacks using new ways to bypass controls. In 2013 alone we saw 12 new techniques capable of bypassing traditional defences and we expect to see more this year."

The FireEye security expert added that even robust security measures, such as encrypting stored data are not capable of dealing with the new techniques.

"Once the user's machine is compromised, when they've gotten into the workstation, they can get most things, even encrypted data. This is because the encryption keys are on the machine," said Chandiramani.

Chandiramani added that the techniques are being increasingly used by hackers to mine company data. "Today we are tracking 160 advanced persistent threat (APT) campaigns across the world, each of which is mounting attacks designed to target specific types of information in various types of organisation," he said.

The attacks are capable of mining data from a variety of sources and it makes little difference whether this is stored in the cloud or on premise. "Attackers have been very successful as the internet is a great platform through which they can mount sophisticated attacks," he said.

"But despite this the human factor is still the biggest source of compromise. Today we're so connected, a basic breach via a malicious weblink or something equally simple can snowball. Companies all work with each other, it's the nature of business, so once an attacker gets into one company they can use it as a stepping stone to another."

Chandiramani said businesses will need to adopt intelligence-based defence strategies to deal with the new wave of threats that could compromise their stored data. "The key thing is to get tech that can detect incoming threats. It takes three minutes to compromise a network and months to clean it up," said Chandiramani.

"It's also about threat intelligence, seeing the threats before they hit, knowing which ones are likely to target you. Finally, it's about having the right people in the organisation, who are able to create and instigate a plan of action about what to do when the company is attacked."

FireEye is one of many companies reporting a marked increase in the number of data-mining attacks targeting business. Russian security firm Kaspersky reported uncovering a new version of the Java-focused Icefog campaign targeting a "major US oil company" earlier in January.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Storage
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Head of Digital Product Management

Head of Digital Product Management is required for a...

Front End UI / UX Developer - HTML5 - Big Data Analytics

Front End UI / UX Developer - HTML5 - Big Data Analytics...

Software Trainer - Marketing Data Analysis & Automation Software

Software Trainer - Marketing Data Analysis & Automation...

Technical Support Consultant -SQL- Marketing Analysis/Automation

SaaS / Technical Support Consultant - SQL - Marketing...
To send to more than one email address, simply separate each address with a comma.