Countering APT attacks

By David Lacey on March 10, 2011 11:49 AM | No Comments | No TrackBacks
| More

Leaked emails from the hacking of HBGary, a top US security investigator, provide further insight into the techniques and targets associated with advanced persistent threat (APT) attacks (a euphemism for sophisticated espionage attacks).  

An article in Bloomberg, claims that some of Dupont's computers were implanted with spyware during a business trip to China, where the PC's were stored in a hotel safe. The response to this threat should be to install self-encrypting drives on laptops, which are more resistant to "'evil maid' attacks. Other types of attack, such as phishing attacks, require a comprehensive package of security measures, including executive education, specialist exercises/tests and continuous network monitoring.

The important point to grasp is that these measures are above and beyond the requirements of ISO 27001, so if you have trade secrets or highly profitable products, then you will need to raise your game above traditional 'best industry practice' levels to resist these attacks. These are persistent attacks, which are coming your way, and they won't stop.   

Categories:

Tags:

| More

No TrackBacks

TrackBack URL: http://www.computerweekly.com/cgi-bin/mt-tb.cgi/35763

Leave a comment

About this Entry

This page contains a single entry by David Lacey published on December 11, 2011 12:39 PM.

Communicating information quickly and efficiently was the previous entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Search

Recent Entries

Archives

Categories

 

-- Advertisement --