Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Don’t blame cyber attackers for data breaches, blame a lack of preparation

October 20, 2017

  • Blog
  • Archive

Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.

At the Check Point Cyber Security Symposium in Sydney last week, Telstra CIO, Mike Burgess criticized those organizations that overly focus on attributing cyber attacks, or blaming 'sophisticated' attackers for their networks being compromised.

In his address to the audience, Burgess said: "What I observe, what I fear, what I see too much of, is many commentators, many in the industry, and many in media, focus on attribution, with very little focus on the root cause. No-one should lose valuable information where at the root cause there is a known remedy. For me, that is unforgivable in this day and age. And I've got to tell you -- my view at least -- too much of this distraction around attribution takes away from focusing on what's really important here."

Burgess went on to illustrate his point by highlighting some of the language used by companies in response to a breach. After the Home Depot breach for instance, the company said: "The malware used in the attacks had not been seen in any prior attack, and was designed to evade detection by antivirus software".

"Really?" said Burgess. "I mean really?"

Burgess makes very valid point. It's all too easy for organizations to lay the blame at the feet of the attackers, to point to their antivirus software and say "it never stood a chance". Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.

Most businesses will, at some point, be targeted by cyber criminals or fall victim to a breach. Once you've got your head around that, it's how you deal with it and how you prepare for it that really matters. Relying on reactive measures like antivirus simply doesn't cut it, in fact, antivirus only stops around 45% of all virus attacks leading Symantec to declare antivirus "dead".

So what's the solution?

Proactivity is essential against a backdrop of advanced threats. Technologies such as privilege management, application control and sandboxing are proven, effective strategies to counter today's threats. Since we launched our unique Defendpoint software the response from the business community, from CISOs and security managers alike has been incredibly positive, so much so that orders are flying in from all corners of the world. Part of this demand is the growing realization from organizations that they need to switch to a more proactive security posture.

In a recent global survey we conducted at influential security events, this switch to the proactive became apparent. Our research found that 44% of those surveyed now identify their security approach to be proactive. A further 27% however are still clinging on to more reactive measures.

Though undoubtedly technology plays a critical role in enterprise security, it is also supported by other practises such as user education. Educating employees that they will be targeted, encouraging them to be vigilant at all times, teaching employees what qualifies as sensitive data, how to identify and avoid threats, acceptable use policies and security policies for instance. Combined with the right proactive technologies, these steps can drastically improve enterprise security.

To round off his speech in Sydney, Mike Burgess presented the Five Knows to Cyber Security - a framework that Telstra has presented at a number of events designed to guide people through the challenges and pitfalls of security.

  • Know the value of your data. Know its value to customers, yourselves, maybe your competitors, and most definitely those who wish to do harm.
  • Know who has access to your data.
  • Know where your data is, both domestically and globally.
  • Know who's protecting your data.
  • Know how well your data is protected. - Here Burgess points to the usefulness of advice like the Australian Signals Directorate's Top Four, a list of steps that we at Avecto actively encourage organizations to follow.

It's clear then that organizations can no longer point the finger at sophisticated cyber attacks and expect their customers and clients to show sympathy. Simple proactive steps can transform enterprise security from a blame culture to a prepared one - it's up to you to do something about it.

For further information on proactive security, how Defendpoint can help and more, visit our website at www.avecto.com/defendpoint

Paul Kenyon

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.