Lessons from 2014 for a Better Security Strategy in 2015

John McClurg, Chief Security Officer and VP, Dell

No industry is as accustomed to constant change as IT. Technology is moving forward at such breakneck speed, it’s interesting to remember that many of the most pressing security challenges we face today did not exist 10 years ago, and in some cases much more recently than that.

The IT organization of 2015 has to monitor a massive and diverse range of threat vectors, created by upward trends in mobility, BYOD, distributed enterprises, cloud storage, wearables, and Internet-connected devices, among others. In 2014, some of these threats began to crystallize as organizations saw breach after breach, despite their best efforts to remain secure and compliant.

The new Dell Security Annual Threat Report posits that the best way to predict and combat emerging threats is to familiarize ourselves with recent attacks and develop defense-in-depth strategies to thwart and respond immediately, or even proactively, to future attacks.

Let’s explore the top three trends the report identified.

1) A surge in point-of-sale (POS) attacks

There’s no question that 2014 was a rough year for retail-industry IT teams. Several major brands experienced large-scale data breaches, exposing many millions of consumers to potential fraudulent purchases and/or identity theft. Some attacks took place over several months before being detected, while another breach was detected by its security system but not recognized by IT staff until federal investigators got involved.

In 2014, Dell SonicWALL developed and deployed three times more new POS malware countermeasures than in 2013, finding the majority of POS hits were targeted toward the U.S. retail industry. However, PCI compliance simply does not go far enough when it comes to protecting customer data. As the Dell Security Annual Threat Report points out, one of the reasons PCI doesn’t “solve” security is that POS malware tactics are constantly evolving. In 2014, Dell recognized new attack trends including memory scraping and the use of encryption to avoid detection by firewalls.

Implementing a robust, defense-in-depth security program can help stop even these emerging threats. The most common reasons security programs fail are inadequately trained employees, lax firewall policies between network segments and in the B2B portal, and reliance on a single layer of defense or an array of poorly integrated products.

2) A dramatic increase in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypted Internet traffic

User privacy has become a hot-button issue in recent years, so sites like Google, Facebook, and Twitter have taken a tip from the financial industry and adopted the secure HTTPS protocol, or SSL/TLS encryption, for their sites. This new practice has become so common that Dell saw a 109 percent increase in the volume of HTTPS web connections from the beginning of 2014 (182 billion) to the beginning of 2015 (382 billion). By March 2015, that number was 437 billion.

However, where there’s a security trend, there’s a hacker (or hundreds) working on new ways to exploit it. In the case of SSL/TLS-encrypted traffic, hackers have begun using this encryption as a way of “hiding” malware from corporate firewalls.

The Dell Security Annual Threat Report gives the example of a popular news site, where a compromised group of banner ads distributed malware to about 27,000 Europeans per hour for four days. As more and more commonly used sites become encrypted, this threat becomes increasingly complicated to manage. Dell recommends organizations start by providing threat protection for encrypted traffic using SSL inspection.

3) Twice the attacks on supervisory control and data acquisition (SCADA) systems

One of the more surprising and urgent trends identified in the Dell Security Annual Threat Report was the marked increase in attacks on industrial management software and devices, known as SCADA systems. Oil and gas companies, power plants, water treatment facilities, airports, and other industrial organizations use SCADA systems to remotely control and collect data on equipment.

Dell SonicWALL saw attacks on these systems double in 2014, a concerning statistic given how devastating a power or water treatment plant failure can be to citizens who depend on those services. The motive behind POS and secure web browser attacks is typically financial, but SCADA attacks tend to be political in nature, aiming to wreak exactly this type of societal havoc.

The majority of 2014’s SCADA attacks targeted Finland (more than 202,000), the United Kingdom (about 70,000), and the United States (more than 51,000). The report suggests these regions were the largest targets because of the commonality of SCADA systems, and especially Internet-connected systems, in these areas.

Buffer overflow vulnerabilities were the primary attack method, accounting for 25 percent of the attacks. To protect against SCADA breaches, Dell recommends ensuring software and systems are up to date, limiting network connectivity to trusted IP addresses, restricting unnecessary USB ports or Bluetooth connections, and reporting attacks when they occur so that other industrial companies can be appropriately vigilant.

Other Trends

The report weighs in on several other interesting trends, including the evolution of Android malware, as it begins to mimic desktop attack methods; the future of digital currency attacks; and a prediction that hackers might use already-compromised home router and home network utilities to stage distributed denial-of-service (DDoS) attacks in the coming months.

Dell asserts that, despite the challenging and ever-changing security landscape, IT organizations still have the upper hand in protecting their companies from data breaches. Keeping employees well-trained in security best practices, deploying vigorous endpoint defense, updating to next-generation firewalls, implementing two-factor authentication, and segmenting router access in distributed or home offices are just a few of the measures it recommends organizations take as part of a defense-in-depth program. But the first step is to familiarize yourself fully with the threats that have been presented in recent months, especially those that have succeeded. Understanding the threat landscape is the only way to ensure your organization’s security capabilities evolve alongside its technology, and ahead of the hackers intent on exploiting it.
