Why Targeted Cyber Attacks Succeed
*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
By John Pescatore, Director of Emerging Technologies, SANS
The security benefits of application control and privilege management are well known -- they are often considered to be Security 101. Nonetheless, the majority of breach reports have determined that attacks succeeded because of either missing or ineffective controls and processes in these areas.
In 2015, according to the Identity Theft Resource Center, 781 data breaches were disclosed, with an average of 216,000 records exposed per breach.
The report found the largest and fastest-growing attack method to be hacking/skimming/phishing, with phishing techniques dominating that grouping.
Phishing succeeds for several reasons:
- Reusable passwords continue to be in widespread use.
- Email and web browsing do not provide strong authentication to differentiate legitimate connections from fraudulent connections.
- Users continue to be fooled by clever, targeted phishing attacks and give up their credentials.
- Enterprises continue to over-provision user rights for installing software and accessing data.
Improvements in security controls are needed in all areas, but eliminating passwords, hardening email and web applications and changing user behaviors are long-term campaigns.
Security programs can have near-term impact in disrupting common attack patterns by improving security controls around installing and executing applications and assigning user-access levels.