Tis The Season To Be Hacked

December, 05, 2014 Franklyn Jones

I know this is supposed to be a happy time of year where the focus shifts to family, friends, and the holidays. But I have some bad news – and then I have some more bad news. But then some good news, so stay with me on this.

OK, first the bad news. Have you been reading the news the last 30 days? Talk about gloom and doom. There's the Regin malware, the Sony hack, growing concern with Malvertising, the escalating cost of cyber attacks, the data breach at the Bebe retail chain, and more. Every day there's something new.

Are these attacks inevitable? Or could they be prevented? If so, how? Well, if you're a business of any size, you obviously want to protect your intellectual property and assets from potential cyber attacks by ensuring that you have a strong network security infrastructure in place. So you wisely invest in the latest state-of-the-art technologies available from leading security vendors. That should help, right?

Unfortunately, that leads me to more bad news. A new report just published by Delta Testing in the UK reveals some downright disturbing results. They tested several different, well-known security appliances to see if they could detect and block cyber threats. But, unlike many other independent tests that use legacy malware, Delta Testing applied a much more valuable methodology:

"Our approach is designed not to trigger an alert based exclusively on a signature or hash match but to allow appliances to detect attacks through advanced emulation or virtualization features (sandboxes). After all, in a real targeted attack, attackers often use never-before-seen malware, which has a very good chance of slipping past signature-based technologies."

If you read the report, you'll see how bad the results were. One appliance could only identify 5% of these attacks, while the best one identified 99%. Most were in the range of 10-30% detection success. Horrible. While 99% success sounds great – and it was certainly better than the other options – anything less than 100% is really a complete failure. Remember, hackers only have to succeed once to win the game.

The only way to get from 99% to 100% is to shift your security strategy from detection to isolation. Since the web browser is a favorite attack vector for cyber criminals, start by isolating the browser and all browser content outside your network. As a result, any and all browser-borne malware also stays outside your network, which means that your chances of winning the cyber security battle just got a whole lot better. To learn more about how the AirGap solution from Spikes Security delivers this value, check out the short video on our home page at www.spikes.com.

And let's change the mantra to "tis the season to be secure." Happy Holidays to all.

Franklyn Jones, CMO, Spikes Security

 

Keep informed.