APT Attacks Will Seek Smaller TargetsGartner's Ahlm: SMBs Beware - Launching Targeted Attacks Getting Easier
While APT is generally a threat vector associated with large organizations, automation and the rising economic feasibility of launching targeted attacks on a small scale means that small and medium enterprises will now drift into the crosshairs, says Eric Ahlm, Research Director at Gartner.
"If you're housing intellectual property of financial value, you need to start thinking about how the threat landscape is coming down market," he says.
The cost to develop some of these types of attacks has gone down significantly to almost consumer-levels. While the level of organization in the cybercriminal underground is a much discussed factor, at the root of all this is just simple economic gain.
The only time it makes sense to now steal a credit card is when it's done en-masse. But these groups now look to liquid data assets - things such as intellectual property, source code, patents, trade secrets, pharmaceutical research are all very high-value targets. "Any size of organization they can grab it from, it's worth their time to go and get it," Ahlm says.
Given the common trend with APT to circumvent preventative technologies, one must make the assumption today that defenses might fail, and organizations will be breached. The resilience comes when one is able to detect that sort of thing in a timely manner and remediate it. If you are able to detect an intrusion into your network and remediate it before the attacker could steal anything, was there really an event? Technically yes, but your assets remain secure, and that is where the focus needs to be - looking out for indicators of compromise, rather than depending on preventive technologies to tell you when you have been compromised.
Eric Ahlm was a speaker at the Gartner Security & Risk Management Summit, held in Mumbai on September 1 and 2. In this interview with ISMG, Ahlm speaks about the evolution of the APT landscape and the direction that he sees it heading in. He also shares insight on:
- APT defense recommendations;
- The right APT technologies to invest in;
- Some predictions on what to expect in the coming months.
In his role as Research Director within the security team at Gartner, Ahlm has the charter to look broadly across the security marketplace. Looking broadly allows Ahlm to find fast-moving and disruptive trends that can impact multiple security markets, and identify market factors such as convergence growth, slowdowns, or changes in competitive landscapes due to emerging trends. This role allows Ahlm to help security vendors plan future investments that are aligned to the market direction, security buyers understand how emerging trends can impact their security programs or budgets, and investors understand global growth opportunities for security. Ahlm specializes in addressing issues around advanced-threat technology and strategies, BYOD project strategy, mobile device security and connectivity, remote-access strategy and network security.