Tuesday, 20th October 2020

Targeted attacks with far-reaching consequences

Why business decision makers should expand their network security strategy.

By Chris Connell, Deputy Vice President of Global Sales and Director of European Operations, Kaspersky.

Targeted attacks on companies by cybercriminals are becoming a growing threat. Whether they embrace IoT or the Cloud, or both, companies are increasingly confronted with the challenge of securing their own IT landscape with professional solutions. After all, anyone losing track of the situation cannot immediately analyse and ward off attacks and prevent consequential damage.

It is not only large companies and corporations that are affected, but also small and medium-sized businesses (SMBs). Even smaller companies store data that is of interest to third parties and, as part of the (digital) supply chain, can be misused as a gateway to corporate networks [1].

Cyberattacks cost money

As a result of these attacks, sensitive data is often lost, the company’s reputation is left damaged and there are high follow-up costs. This combination of consequences can threaten the existence of SMEs in particular. For example, the average costs following a targeted attack for small and medium-sized businesses last year amounted to around USD 138,000 [2]. Follow-up costs for large companies resulting from data breaches generally amounted to USD 141 million.

Around half of both SMBs (47%) and large companies (51%) are finding it increasingly difficult to identify the difference between generic and targeted attacks, making it more difficult for them to detect an incident or assess its potential damage. This makes them more vulnerable to moderate and complex threats.

In addition, medium-sized companies often have very limited resources to invest in cyber-defence, which makes it difficult to deal with complex threat scenarios and significantly increases cyber-risk – including for the partner networks of large companies they are connected to. Analysing the growing number of incidents and dealing with them professionally would require more specialists – such as security analysts and incident response experts – who are able to identify and investigate threats and respond to them appropriately.

However, closing more gateways and being more proactive in their IT security strategy makes companies better equipped to fight cybercriminals. Modern solutions make this possible with little additional effort for the IT teams, enabling companies and organisations to concentrate on their core business.

Cyber-protection through the use of advanced technology

Today more than ever, large and medium-sized businesses should use advanced technologies and implement multi-layered security approaches. Sound endpoint protection is still the foundation for PCs, Macs, servers, and mobile devices, but it’s definitely not enough in today’s threatened environment. Modern IT protection solutions, such as Kaspersky Endpoint Security for Business [3] (see box), complement endpoint protection with new proactive approaches and technologies like endpoint detection and response (EDR) and sandboxing.

After all, it is important to stay updated with the latest innovations used by attackers. EDR technology, in particular, enables companies to optimise their own protection against complex cyberthreats. Leading analysts Gartner identified those vendors that integrated EDR into their endpoint protection [4] as early as two years ago.

EDR: Knowledge is power – and protection

By using endpoint detection and response, companies receive important information about malicious activities in their network – including visualised attacks, propagation paths, and corresponding cause analysis. For example, an EDR system will forward any suspicious file that is identified and that cannot be definitively classified as malicious to a downstream sandbox. This additional security tool then automatically executes the suspicious file in an isolated environment and analyses it for potential threats. This makes it possible to determine whether there are any signs of possible intrusion by unauthorised persons or unauthorised activities by employees or partners.

Signatures, rules, and restrictions used to be sufficient to counter such attacks. Modern solutions act much more intelligently and, above all, more proactively, for example with the help of machine learning. This gives even companies with limited cybersecurity resources a professional overview of their system and comprehensive information about any security incidents, as well as immediate damage analysis and automated response options, minimising potential negative impacts on companies and making their IT security strategy more proactive.

The right protection concept is key to a company’s success

Business managers are increasingly having to think about how they wish to protect their company from the growing dangers of cybercrime as part of their own security concept. Endpoint security is becoming increasingly intelligent and powerful in order to respond to targeted attacks. Security managers are able to follow the activities of an attacker in real time, as security-related endpoint activity is fully monitored using EDR technology. They can see what commands attackers execute and what techniques they use as they attempt to break into or move within an environment.

Kaspersky’s flagship Endpoint Security for Business solution for SMBs and enterprises integrates a cloud management console, Kaspersky Endpoint Detection and Response (EDR) Optimum together with Kaspersky Sandbox. The basic elements of the solution are:

· Protection for endpoints, servers, and gateways
· Streamlined security, management, and delegation
· Strengthened systems and enhanced productivity
· Improved attack and compromise detection
· Time savings through the automation of OS and software deployment tasks
· Reduced total cost of ownership and complexity
· Simplified migration initiatives

You can find more information about Kaspersky Endpoint Security for Business at: https://www.kaspersky.de/small-to-medium-business-security

[1] https://www.forbes.com/sites/zakdoffman/2019/09/26/china-suspected-of-multiple-airbus-cyberattacksa350-among-targets/#d2abd7fe630a

[2] https://go.kaspersky.com/rs/802-IJN-240/images/GL_Kaspersky_Report-IT-Security-Economics_report_2019.pdf

[3] https://www.kaspersky.de/small-to-medium-business-security

[4] https://www.gartner.com/en/documents/3894086/market-guide-for-endpoint-detection-and-response-solutio
