Commercial data security getting tougher as cyber attacks get super-smart

Cyber criminals are systematically testing businesses digital defences in order to steal financial and commercial information in greater numbers than ever using super-sophisticated software.

  • Thursday, 19th September 2013 Posted 11 years ago in by Phil Alsop

And with some large internet organisations recently alleged to have opened up their data files to national Governments, how can businesses be sure their data remains confidential and secure?


According to Jeff Orr of Liverpool-based Stack Data Solutions, protecting sensitive company information in this ‘data war’ is getting tougher.
“Cyber-attacks today are far removed from the crude malicious unfocussed things of the past,” he said. “Today’s attacks are more likely to be specifically engineered for individual targets or target groups.


“These advanced persistent threats – or APT’s – are aimed at your systems, your staff, your data, any area of your defence that may provide an opening.”


A modern cyber attack will usually find a way into the system, gather access information and plant a package known as a warhead. For Stack, staying abreast of these threats is critical as the firm provides cloud computing, virtualized network and cyber security services to businesses.


“Attacks are usually composed of several code modules designed to penetrate, receive command and control instructions and deliver the warhead,” said Jeff. “The modules can be quickly modified by their creators to bypass detection. Rarely delivered as one package, they are stealthy sophisticated sequential under the radar process.”


The first stage, known as the ‘dropper’ component, may be hidden in an innocent looking Word document, email or ‘drive-by’ download – where a user either downloads a fake software update or a file automatically downloads in the background without the user ever knowing.


Once in place these components can lie idle and undetected for months without a warhead, slowly spreading through a firm’s computer network or contacts list until, using the command and control instructions they have stolen, they are activated and given a warhead.


That may be a simple key-logger to steal passwords to accounts or something with a more sinister function. That may include capturing credit card and bank details or, in a truly focused attack, sensitive commercial information such as price negotiations, tender responses, acquisitions and mergers positions, intellectual property or research and development information.


“Such attacks are becoming well funded and are more sophisticated, better disguised and more agile with every evolution,” said Jeff. “Given the investment their creators have made and the rewards to be reaped I don’t believe this is a problem that will diminish.


“These threats will continue to develop into ever more discreet packages making detection increasingly difficult.”


Businesses can take steps to beef up their data security by using services such as Stack’s Unified Threat Management system. Effectively a super-secure firewall, it is constantly updated to prevent the latest attacks.


“The UTM system we offer can provide a high level of protection,” said Jeff. “Working with security company Astaro, our UTM has grown over 10 years and kept pace with the development of new threats.”


Cyber attacks are no longer the only source of data leaks however. Many firms are now reliant on email or data storage solutions provided by some of the internet’s biggest household names. But after recent claims that national Governments have been given access to data, is there a risk that sensitive commercial information could find its way into the public domain or malicious hands?


“It should be a concern for businesses,” said Jeff. “They have adopted these systems for efficiency and now find their data may be compromised or issued to certain groups without their consent or knowledge.


“Businesses that are concerned about data security may need to consider moving the benefits of a more tailored cloud computing and back-up service.”


Stack offers a variety of cloud-based network solutions and a Virtual Fortress back-up system that has clocked up more than 100,000 hours of uptime without data loss.


“Every business has to decide how best to run its network,” said Jeff. “But with data security already under threat, it is vital that every commercial enterprise, whatever the size, takes an active interest in how its data is managed and protected.”