Most businesses do not have adequate IT security to protect
against profit-driven targeted cyber attacks, says the
Information Security Forum (ISF).
These attacks are being run by well-funded
criminal networks that bring together specialist skills and
expertise to defeat traditional defences, the ISF said.
Typically, the profit-driven attacks to steal bank and access
details are targeted at high-value organisations or individuals.
The ISF warned that most attacks are able to circumvent generic
security controls, while anti-forensic techniques, such as deleting
system logs, are used to remove traces.
Businesses need to go beyond the basic security measures of
patch management, tight access control, intrusion detection and
event log analysis, the ISF said.
Grega Vrhovec, researcher at the ISF, said businesses should
monitor hacker forums to see if their data has been
compromised.
"This will enable them to understand how criminals are targeting
them and how to notify banks and customers if necessary," he
said.
Vrhovec said businesses should also share information on cyber
criminals' attacks with their peers to help prevent the same
techniques being used on others.
"International anti-cyber crime organisations are failing to
stop these targeted attacks and until the new UK police e-crime
unit gets up and running properly there is no-one looking after
business," he said.