In last week’s blog, we discussed why critical malware security infrastructure is a prime target. To recap, targeted malware attack to critical infrastructure will continue to occur solely based on the political and economic ramifications that ensue following the incident. Political, economic and financial drivers are all motivating factors behind attacks of this nature.
Truth #3: No Organization – critical infrastructure providers included – can keep up with the onslaught of new malware attack and APTS.
With connectivity comes access. This blunt fact has forced critical infrastructure providers, like any other sufficiently large enterprise, to assume that someone, somewhere has already compromised their networks. Accordingly, providers have to address the same IT security challenges as other targeted organizations, as well as their own specific challenges.
Providers develop adaptive malware analysis who customize malware attack to individual targets, using specially crafted malware security software for companies. They prefer malware security tools that evade detection at the perimeter and exploit desktop application vulnerabilities and social engineering. These attackers will modify their methods to circumvent any countermeasures their targets implement. They also rely on multi-point malware attack, hoping that targets won’t look at the whole enterprise picture to see what’s really happening.
In addition to creating such individualized, stealthy malware attack, attackers also have incredible volume and diversity of attacks on their side. Malware has mushroomed into a multi-billion dollar criminal industry, growing from fewer than 1 million samples a year in 2007 to more than 100 million a year in 2012. In fact, 2012 will see more malware created each month than in the entire 25 years from 1982 to 2007.
Against this scale of malware attack, enterprises that focus solely on preventing infection are playing a losing game, because attackers’ options for infiltration are almost limitless. Enterprises therefore need cost-effective, scalable post-intrusion detection. Managed services options offer scalable, automated solutions that can help offset the cost for many organizations. If an organization has internal security teams, those teams are often small and develop proprietary tools that are crude and can’t scale.
Next week, we’ll discuss ways critical infrastructure providers can identify, contain and remediate digital vulnerabilities.