All the latest UK technology news, reviews and analysis


V3 Storage Summit: Signature and encryption-based defences will not keep hackers out of your data reserves

29 Jan 2014
Security padlock image

Businesses are leaving their data open to abuse by believing traditional outdated security practices will protect them against hostile hackers, according to security firm FireEye.

FireEye's European director of systems engineering Yogi Chandiramani told V3 that traditional defences are no longer able to deal with the advanced cyber threats businesses now face.

"The first problem is all today's advanced threats and malware are capable of bypassing traditional tools, ones that are filtering or signature based. At a basic level this is because the hackers know them, they've been around so long the attackers know how they work," said Chandiramani.

"Already we're seeing a high number of zero-day exploit attacks using new ways to bypass controls. In 2013 alone we saw 12 new techniques capable of bypassing traditional defences and we expect to see more this year."

The FireEye security expert added that even robust security measures, such as encrypting stored data are not capable of dealing with the new techniques.

"Once the user's machine is compromised, when they've gotten into the workstation, they can get most things, even encrypted data. This is because the encryption keys are on the machine," said Chandiramani.

Chandiramani added that the techniques are being increasingly used by hackers to mine company data. "Today we are tracking 160 advanced persistent threat (APT) campaigns across the world, each of which is mounting attacks designed to target specific types of information in various types of organisation," he said.

The attacks are capable of mining data from a variety of sources and it makes little difference whether this is stored in the cloud or on premise. "Attackers have been very successful as the internet is a great platform through which they can mount sophisticated attacks," he said.

"But despite this the human factor is still the biggest source of compromise. Today we're so connected, a basic breach via a malicious weblink or something equally simple can snowball. Companies all work with each other, it's the nature of business, so once an attacker gets into one company they can use it as a stepping stone to another."

Chandiramani said businesses will need to adopt intelligence-based defence strategies to deal with the new wave of threats that could compromise their stored data. "The key thing is to get tech that can detect incoming threats. It takes three minutes to compromise a network and months to clean it up," said Chandiramani.

"It's also about threat intelligence, seeing the threats before they hit, knowing which ones are likely to target you. Finally, it's about having the right people in the organisation, who are able to create and instigate a plan of action about what to do when the company is attacked."

FireEye is one of many companies reporting a marked increase in the number of data-mining attacks targeting business. Russian security firm Kaspersky reported uncovering a new version of the Java-focused Icefog campaign targeting a "major US oil company" earlier in January.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Storage
What do you think?
blog comments powered by Disqus
Poll

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?
19%
6%
5%
2%
68%

Popular Threads

Powered by Disqus
mike-schutz-microsoft-server-and-cloud-division

Microsoft's Mike Schutz discusses the firm's cloud computing strategy [Video]

V3 interviews Microsoft general manager for Windows Server and Management, Mike Schutz, to find out why customers should adopt the Private Cloud

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Front End Web Developer - Leading Sports Nutrition Online Retailer

Front End Developer (HTML5, CSS3) - Leading Sports Nutrition...

Systems Developer – Nature Conservation Charity

Wizard wanted , Experienced Software Developer (.NET...

IS Database Administrator (SQL) - Charity

We're looking for a talented, user-focused and technically...

Assistant IT Director

Assistant IT Director Annual Salary: Up to £74,954...
To send to more than one email address, simply separate each address with a comma.