When I was involved in a case with the US Secret Service, they brought in an "ethical hacker" as their computer consultant. One of the techniques he described being used against businesses is to target key individuals in the company and send them emails containing infected links and attachments. These are often the people in the organization who handle the money, so the emails typically go to the CFO and the accountants. The hope is that someone in your organization will click the link or open the infected PDF and so provide an entry point into your company, and specifically into the department where the money is handled. Because it is you or your users who click the link or open the attachment, the connection originates from inside your network, and traditional firewalls are useless against it: "you" and your employees are effectively asking for this traffic.
The other point that was emphasized is that most businesses and organizations with a web page hand these cybercriminals a streamlined guide to the organization, so they know exactly whom to target: your staff directory. In the name of good customer service, it is not uncommon to list by name who is responsible for what, along with their email addresses. The criminals now know exactly who is in charge, how to contact them, and who works for and with them. The target has been identified. Now the barrage of innocent-looking emails begins to flow into the organization. Through various social engineering tactics, and in the hope of exploiting known security issues (read my "Steps you can take to improve the security and worker productivity on your computers and servers" post), they are banking on someone clicking on something. One misstep and they are sitting inside your network and calling home to the bad guys. From there they probe your network, invite others in, and send information back out.
While no defense is foolproof, we believe in layered defenses for security:
- Firewalls that look at traffic flows and patterns
- Centrally managed patching to keep servers and workstations up to date with the latest vendor-recommended security levels
- Web filtering to stop users from innocently clicking on known infected links
- Centrally managed and centrally updated anti-virus and anti-malware software that reports what is happening across your organization
- Spam filtering for email
- 24x7x365 monitoring and reporting technologies such as CSI's Paladin remote monitoring service
Recognizing this reality, IBM Corp. has declared 2011 "the year of the security breach".