In the medical world, there's a raging battle against microbes and bacteria that are evolving and becoming resistant to existing treatments and drugs. The same thing is happening in the world of technology.
When computing first emerged as a powerful business tool, protection from threats required little more than the installation of anti-virus software. These tools efficiently scanned for malicious code and kept systems safe from attack.
But, while antivirus is still vital, it's no longer enough. The threats facing IT infrastructures today are rapidly evolving and require increasingly sophisticated responses. Just as with the doctor's patients, if organisations fail to remain a step ahead of the threats, they risk falling victim to them.
The rise of Advanced Persistent Threats
The early viruses and worms that targeted IT systems have evolved into something altogether more powerful and problematic. Dubbed Advanced Persistent Threats (APTs), this malware can evade many antivirus barriers and cause significant damage and disruption to IT infrastructures.
APTs use a range of techniques to avoid network and device defences. These include encrypted communication channels, kernel-level rootkits and zero-day vulnerabilities.
As their name suggests, APTs are persistent, meaning they are designed to be stealthy and remain within a target system for an extended period. Some are able to clean up after themselves by deleting logs and use strong encryption to evade discovery by security tools.
The effect of these new and rapidly evolving threats has already been seen around the world. Organisations from small businesses to large multi-national companies have fallen victim with some suffering significant financial losses as a result.
For example, in 2013, retailer Target fell victim to an APT which stole large numbers of customer credit card details. According to business magazine Forbes, Target's sales declined by almost 50 per cent during the final quarter of that year and between 5 and 10 per cent of customers indicated they would never shop there again.
Other high-profile examples include bank JP Morgan Chase, which lost account information on 76 million households and 7 million small businesses, and US health insurance firm Anthem, which had the personal information of 80 million customers compromised during an attack in 2015.
In the same year, hackers also targeted the US Office of Personnel Management (OPM) and obtained sensitive information about employees who had undergone background checks for security clearances. According to reports, more than 21 million records were compromised.
The bottom line is that antivirus tools, though still important, no longer provide sufficient protection against the rising tide of threats.
The sandbox approach
One approach being adopted by many organisations is the use of a sandbox. This involves running suspect code within a secure environment (the sandbox) to check whether or not it represents a threat before allowing it into the IT infrastructure.