
Modern hack attacks are developing a laser focus

IT Best Practices Alert By Brian Musthaler, Network World
May 07, 2010 11:24 AM ET

I recently attended Symantec's annual user conference, where I spent my time talking one on one with the company's leading strategists and technologists. We mostly talked about what enterprises can do to take better control of their information security and regulatory compliance postures. This week I'll share with you Symantec's insight on how threats to data security are changing (and becoming far more dangerous), and next week I'll cover the Symantec strategy for helping companies regain control over protecting sensitive information.

Data loss a mystery for many businesses

IT's traditional approach to information security is to protect the infrastructure around the data as well as where the data resides. Like building a moat around a castle to keep out marauding intruders, this approach is insufficient for today's threats. It's too easy for thieves to cross the moat (or crash the firewall) and have access to the crown jewels -- your company's sensitive data.

Because important information is everywhere these days -- on handhelds and other endpoints, in the cloud, in social media -- we need to shift our thinking to focus on protecting the data and the applications, not just the infrastructure. This is especially important because research shows that many security threats have become more information-centric in order to derive the highest possible value for cybercriminals. Our approach to security must therefore be information-centric as well, while also simplifying the security process.

Symantec's Global Intelligence Network has been observing threats to information security for years. Over time, Symantec has noticed a shift in the intent of cyberattacks on both business and government entities. Hacking attempts have progressed from being mass attacks looking to wreak havoc and steal as much data as they could, to being very targeted attacks looking for specific data from a specific organization.

(Read the Symantec Global Internet Security Threat Report: Trends for 2009 now available online, along with a Webinar that summarizes the key points from the report.)

Symantec categorizes a modern hack attack resulting in a data breach as having four distinct stages.

Stage 1: Incursion -- A hacker gains access to the enterprise infrastructure via an endpoint. In previous years this was done via mass distribution of malware, usually through means such as e-mail or corrupted PDF files. The hacker hoped that more than one person would open the corrupted file or link and allow the malware to spread.

Today hackers leverage social engineering techniques to get the malware onto the endpoint. This approach is very targeted, often with a cyber thief using social media such as Facebook to gather information about a prospective target. The targeted person is heavily researched up front, and the attack is socially engineered to lure the victim into trusting an e-mail message or attachment that carries a unique malware-infected payload. Often these attacks and the malware are unique to the specific person and his or her organization, allowing the thief to find and steal important information that can be monetized, such as intellectual property or payment card data.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
