Firms failing to guard against targeted cyber attacks


Firms failing to guard against targeted cyber attacks

Warwick Ashford

Most businesses do not have adequate IT security to protect against profit-driven targeted cyber attacks, says the Information Security Forum (ISF).

These attacks are being run by well-funded criminal networks that bring together specialist skills and expertise to defeat traditional defences, the ISF said.

Typically, the profit-driven attacks to steal bank and access details are targeted at high value organisations or individuals.

The ISF warned that most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces such as deleting system logs.

Businesses need to go beyond the basic security measures of patch management, tight access control, intrusion detection and event log analysis, the ISF said.

Grega Vrhovec, researcher at the ISF, said businesses should monitor hacker forums to see if their data has been compromised.

"This will enable them to undertand how criminals are targeting them and how to notify banks and customers if necessary," he said.

Vrhovec said businesses should also share information on cyber criminals attacks with their peers to help prevent the same techniques being used on others.

"International anti-cyber crime organisations are failing to stop these targeted attacks and until the new UK police e-crime unit gets up and running properly there is no-one looking after business," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy