Attacks/Breaches

9/12/2014 04:37 PM
Security Ops Confidence Levels Drop

Survey shows most organizations unable to keep up with new and emerging threats from state-sponsored attackers.

As foreign state-sponsored attackers turn up the heat on corporate targets, security operations staffers are losing confidence in their ability to stave off these threats. New survey results released this week show that confidence levels among IT security professionals have slipped this year, with fewer than half of them feeling sure they can keep up with new and emerging threats.

Conducted among Black Hat attendees by Lieberman Software, the survey asked infosec professionals about their organizations' readiness to respond to state-sponsored and other advanced attacks. The study found that 59% of respondents believe their organizations are likely to be the target of a state-sponsored attack sometime in the next six months.

This kind of awareness likely comes from the increasing number of successful state-sponsored attacks hitting the headlines. And these attacks are no longer limited to military contractors. Just last month it emerged that state-sponsored attackers from China had broken into Community Health Systems (CHS) and stolen data on 4.5 million patients.


According to this week's survey results, 48% of respondents do not think their staff or tools would be able to detect such attacks. Meanwhile, only 41% think their tools and processes can keep up with new and emerging threats. That is a drop in confidence from the same survey conducted last year, when 57% of IT security pros said they believed they could keep up.

According to Phil Lieberman, CEO of the firm, the results could suggest a mind shift as infosec pros view many existing IT security infrastructure investments as a "gigantic waste of money."

"IT professionals are backing away from legacy and analyst-recommended solutions and strategies, since they are toxic to their company and their personal careers," he says, pointing to fallout from breaches at Target and Home Depot as examples. "Only strong senior leadership will fix the current security debacle of weak internal security as there are no 'get out of jail free' cards from the auditor or analyst community."

This strong leadership should be directed at better security design and improved processes. But that may not be easy: controls that enforce least-privilege access, accountability for every user, and tighter segmentation of data and networks may require the "breakdown of existing political power bases" within enterprises, he says.

"In effect, this is an act of creative destruction that reorganizes the operations of companies along military lines of information compartmentalization and builds in the necessary systems to be resilient against attacks," Lieberman says.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
RyanSepe, User Rank: Ninja
9/15/2014 | 2:24:35 PM
Re: Glass Half Full
I agree with both these points. I think investing in appropriate security infrastructure, people and processes is a good start. But also to point out, I think that current infrastructure isn't always used properly. Before adding on to what's already on your plate, an enterprise should definitely refine its current infrastructure. Things such as policy and access control can definitely fall into this realm. You don't want to fill your plate up with more projects before understanding that there are security measures that could be taken proactively.
Marilyn Cohodas, User Rank: Strategist
9/15/2014 | 9:52:49 AM
Re: Glass Half Full
@StudiousMonkey, Your point is well-taken about the "glass-full" benefit of the growing number of data breaches. Or to use another metaphor -- the squeaky wheel -- the more frequently execs in the C-suite & the corporate boards they report to have to ask their SOC teams "are we vulnerable to .... (fill in the data breach du jour)", maybe they will be more open to investing in appropriate security infrastructure, people and processes.
aws0513, User Rank: Ninja
9/15/2014 | 9:47:30 AM
Rally the troops!!
I am trying to put on my surprised face, but for some reason it just will not stick.

It is reminiscent of the disenchantment that police forces around the world constantly struggle with. The perception that all they are doing is spinning their wheels, nothing they are doing is helping stem the tide, and that the world is still falling down around them.

A long time ago, I was reminded by an old and hardened soldier who specialized in physical security programs that the Achilles' heel of the security forces mindset is the lack of hard evidence that the work they are doing is making a difference.
Basically, when security is working... very little happens. And when something does happen, the drama of the event is amplified by the expectation that the security team could have prevented it if [insert extraordinary preventative measure here]. Everything is amplified... including the sense of despair and wasted effort.
His attitude was this: If he didn't do his job to the best of his ability and knowledge, what would the alternative look like?
In his summation: Far, far worse than what exists today.

The cybersecurity war will always be ongoing... just like the law enforcement war on crime in the physical world.
But to let up or give up should not be an option.
I can relate to the disenchantment feelings. Many times I have felt that something I have implemented or something I am doing is wasteful or useless.

Take faith that even though you do not see any malicious activities in your various security logs, the fact that your logs are working (if you test them properly) should be an indication that your efforts are demonstrating diligence. When bad things happen, odds are better that you are more likely to notice some kind of badness and respond in a timely manner.
Take faith that when you do find something bad within your perimeter, 1) it has been found, 2) you and your counterparts are remediating the problem, and 3) you have an indicator of what more needs to be done to mitigate the action from happening again.

If we are doing our jobs, then we are all learning what works... and what doesn't... all the time.
Constantly improving our fighting position.
Constantly learning about how adversaries are attempting to breach the perimeters and/or matriculate our ever bristling bastions of security controls.
Constantly working with other security pros to share information and techniques that can help us protect against the unforeseen threats around us.
Constantly vigilant in our efforts to identify malicious activities and remediate them before they can do any undue harm.

Keep up the good fight out there folks!
The alternative should not be an option to consider.

(Note: I hope this is helpful on a Monday morning. Everyone out there should know that if they are trying to help improve security in their IT environments, they are on the good side of the fight.)
StudiousMonkey, User Rank: Apprentice
9/15/2014 | 8:59:01 AM
Glass Half Full
Why do people keep referencing Target as an excuse to back away from security infrastructure technologies?

The Target breach was a 100 percent incident response and process fail. FireEye was able to generate the alarms, but ultimately people and process failed.

I don't see security infrastructure as a "gigantic waste of money". Obviously if you rely on it 100% without the proper process and people watching the castle, things will fail.

I'm getting sick and tired of this doom & gloom attitude everyone is walking around with.

Being 100% blue team is not easy, but it's not impossible. These breaches are actually a good thing because they raise the brows of top-level execs who don't want their 7-figure salaries and bonuses compromised by a breach.

We just need to keep working together as a community until we finally end up on the winning side.

Hey, if anything, it keeps us gainfully employed and keeps the job interesting.

Glass half-full, people!
anon8047814633, User Rank: Apprentice
9/13/2014 | 3:41:46 PM
WOW
Good reading, yet scary, because America is not ready for a Cyber War. Something needs to get done now or else it will be too late!!! Thanks again Ericka and keep up the great work!!!