Advanced targeted threats are on the rise-- and security controls need to evolve against them, Gartner says.
Targeted attacks penetrate standard security control levels, causing significant businesses damage to enterprises not equipped against them. 4-8% of executibles passing through the average enterprise's antivirus defenses are malicious, according to Gartner.
Targetted attacks aim to achieve specific impact against specific enterprises, in order to achieve 3 major goals motivated by financial gain:
Denial of service: Disrupting business operations
Theft of service: Obtaining use of the business product or service without paying for it
Information compromise: Stealing, destroying or modifying business-critical information
Gartner points out strategies your customers can implement to deal with advanced targeted threats:
Own the vulnerability, don't blame the threat: companies need to know (and close) their vulnerabilities-- before attackers find and exploit them.
Evolve defences, don't just add layers: "security in depth" is the best approach to reducing risk-- not only by owning increasing numbers of security products, but by having the staff and operations support integrating everything together.
Focus on security, not compliance: going beyond standard network security and assessment diligence levels, by using tools and processes to look for active threats on internal networks.