Yesterday, March 12, James R. Clapper, the Director of National Intelligence, provided the United States Senate with the annual US INTELLIGENCE COMMUNITY WORLDWIDE THREAT ASSESSMENT. The first threat in the report is Cyber. While we think it is important to read the entire discussion of Cyber, we think this excerpt provides a good summary of the situation:
Foreign intelligence and security services have penetrated numerous computer networks of US Government, business, academic, and private sector entities. Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks. Importantly, much of the nation’s critical proprietary data are on sensitive but unclassified networks; the same is true for most of our closest allies.
- We assess that highly networked business practices and information technology are providing opportunities for foreign intelligence and security services, trusted insiders, hackers, and others to target and collect sensitive US national security and economic data. This is almost certainly allowing our adversaries to close the technological gap between our respective militaries, slowly neutralizing one of our key advantages in the international arena.
- It is very difficult to quantify the value of proprietary technologies and sensitive business information and, therefore, the impact of economic cyber espionage activities. However, we assess that economic cyber espionage will probably allow the actors who take this information to reap unfair gains in some industries.
It is now abundantly clear that one of the most important paths to compromising systems is social engineering that deceives personnel into compromising their systems. Mandiant recently issued a comprehensive report detailing how APT attacks use spearphishing emails are used to infiltrate systems. This chart, derived from data reported by Trend Micro, shows the prevalence of spearphishing in APT:
Your personnel will receive malicious emails. Your security hangs in the balance when an employee decides to click a link or open an attachment. Telling employees to avoid suspicious emails is good advice. The attackers use this same guidance — that is why cyberattackers use social engineering to craft emails that are not suspicious. IT must intervene in the email processing decision. That is the role of SP Guard. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff at the moment the person is deciding to click or pass. In the SP Guard environment, staff can, for example, easily distinguish a trusted HR email from a spoof HR email.
You can contact us at 408-727-6342,ext 3 or use our online form.