News

Firms failing to guard against targeted cyber attacks

Most businesses do not have adequate IT security to protect against profit-driven targeted cyber attacks, says the Information Security Forum (ISF).

These attacks are being run by well-funded criminal networks that bring together specialist skills and expertise to defeat traditional defences, the ISF said.

Typically, the profit-driven attacks to steal bank and access details are targeted at high value organisations or individuals.

The ISF warned that most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces such as deleting system logs.

Businesses need to go beyond the basic security measures of patch management, tight access control, intrusion detection and event log analysis, the ISF said.

Grega Vrhovec, researcher at the ISF, said businesses should monitor hacker forums to see if their data has been compromised.

"This will enable them to undertand how criminals are targeting them and how to notify banks and customers if necessary," he said.

Vrhovec said businesses should also share information on cyber criminals attacks with their peers to help prevent the same techniques being used on others.

"International anti-cyber crime organisations are failing to stop these targeted attacks and until the new UK police e-crime unit gets up and running properly there is no-one looking after business," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy