Organisations must do more to protect against Advanced Evasion Techniques
Company IT security experts are failing to defend their organisations against Advanced Evasion Techniques (AETs), according to research by Vanson Bourne across 800 CIOs in the US and Europe.
AETs are commonly used by hackers and criminal gangs to circumvent and penetrate even the most secure networks.
They work by combining attack methodologies that can then dynamically change and be used to sniff and attack more widely across the network simultaneously. This approach can often disguise the threat, making it appear harmless to many network security systems, which makes it harder for the security team to respond and defend against the attack.
The research report reveals that almost 40% of CIOs who have suffered a breach believed that AETs were used. Across the whole sample base, the average cost of the breach to the organisation was in excess of $930,000, with the financial sector suffering losses of more than 2 million per breach.
Awareness of the threats from Advanced Evasion Techniques was cited as a critical factor: while many cyber criminals are using the technique, most IT security professionals lack the detailed understanding of AETs necessary to properly address the risk. Of those surveyed, nearly 40% stated that they did not have the ability to identify or track AETs in their networks.
Ashish Patel, Regional Director for Network Security for McAfee UK, who commissioned the study, commented, "… Hackers already know about advanced evasion techniques and are using them on a daily basis". He added, "The study has shown the real lack of understanding, knowledge and awareness in the community. What we're hoping to do is educate businesses so they know what to look for and understand what's needed to defend against AETs. Education is absolutely key."
Patel also raised concerns over third-party security testing, where he believed that many companies were overstating their detection capabilities and were perhaps contributing to a false sense of security for customers.