All the latest UK technology news, reviews and analysis


V3 Storage Summit: Signature and encryption-based defences will not keep hackers out of your data reserves

29 Jan 2014
Security padlock image

Businesses are leaving their data open to abuse by believing traditional outdated security practices will protect them against hostile hackers, according to security firm FireEye.

FireEye's European director of systems engineering Yogi Chandiramani told V3 that traditional defences are no longer able to deal with the advanced cyber threats businesses now face.

"The first problem is all today's advanced threats and malware are capable of bypassing traditional tools, ones that are filtering or signature based. At a basic level this is because the hackers know them, they've been around so long the attackers know how they work," said Chandiramani.

"Already we're seeing a high number of zero-day exploit attacks using new ways to bypass controls. In 2013 alone we saw 12 new techniques capable of bypassing traditional defences and we expect to see more this year."

The FireEye security expert added that even robust security measures, such as encrypting stored data are not capable of dealing with the new techniques.

"Once the user's machine is compromised, when they've gotten into the workstation, they can get most things, even encrypted data. This is because the encryption keys are on the machine," said Chandiramani.

Chandiramani added that the techniques are being increasingly used by hackers to mine company data. "Today we are tracking 160 advanced persistent threat (APT) campaigns across the world, each of which is mounting attacks designed to target specific types of information in various types of organisation," he said.

The attacks are capable of mining data from a variety of sources and it makes little difference whether this is stored in the cloud or on premise. "Attackers have been very successful as the internet is a great platform through which they can mount sophisticated attacks," he said.

"But despite this the human factor is still the biggest source of compromise. Today we're so connected, a basic breach via a malicious weblink or something equally simple can snowball. Companies all work with each other, it's the nature of business, so once an attacker gets into one company they can use it as a stepping stone to another."

Chandiramani said businesses will need to adopt intelligence-based defence strategies to deal with the new wave of threats that could compromise their stored data. "The key thing is to get tech that can detect incoming threats. It takes three minutes to compromise a network and months to clean it up," said Chandiramani.

"It's also about threat intelligence, seeing the threats before they hit, knowing which ones are likely to target you. Finally, it's about having the right people in the organisation, who are able to create and instigate a plan of action about what to do when the company is attacked."

FireEye is one of many companies reporting a marked increase in the number of data-mining attacks targeting business. Russian security firm Kaspersky reported uncovering a new version of the Java-focused Icefog campaign targeting a "major US oil company" earlier in January.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Storage
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
23%
13%
4%
16%
32%
12%

Popular Threads

Powered by Disqus
Galaxy S5 vs iPhone 5S vs Nexus 5 showdown

Galaxy S5 vs iPhone 5S vs Nexus 5

We speed test three of the most popular smartphones

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Software Engineer – Smart TVs, Mobile, Tablet

About Massive Massive are redefining how users...

Information Architect

Information Architect - Midlands, £60k A leading...

1st / 2nd line Technical Support Engineer

Exclaimer provides software for centrally managing email...
To send to more than one email address, simply separate each address with a comma.