The best defense, says a longstanding military proverb, is a good offense. And the impulse to go on the offense against hackers is a strong one. Conventional fixed endpoint defenses are all too easily bypassed by today's generation of sophisticated cybercriminals and cyber-intelligence operatives.
But, cautions security guru Eugene Kaspersky, some of the potentially most effective counterstrike tools are illegal – and for good reason. Other measures are both legal and effective, but may tax IT resources. Which means that enterprises have to strike a careful balance in their security strategy and tactics.
The cybersecurity threat is evolving, as we have noted here before. Cybercriminals are organized and sophisticated – and in a still-struggling economy they have strong incentives. They seek out low-hanging fruit, and are in it for the money, e.g. targeting credit card account numbers.
Hackers affiliated with national espionage agencies are even more sophisticated. And they are also targeting firms, often bent on stealing their intellectual property.
Surprisingly, says Kaspersky, consumers today may be more secure than enterprises. Consumer systems with updated patches and antivirus signatures offer robust security. In contrast, enterprises – with much more complex operating requirements – too often suffer from weak network configurations, outdated patching, limited endpoint defenses, and other deficiencies.
For the most critical data, Kaspersky argues, enterprises should consider unplugging networks from the Internet entirely. But even this does not offer absolute security: As Stuxnet showed, a single pocket flash drive can introduce malware into a "closed" system.
Nor does every network within the enterprise require the most massive security. There is never any excuse for bad security, but good basic security measures often provide ample protection.
Training is critical. It must be provided not only for individuals with specific security responsibilities: Everyone in the organization needs basic threat awareness. "Social engineering" tactics – such as spear-phishing emails that appear to be from friends and colleagues, but are laden with malware – are a fast-growing method of attack.