TOM FIELD: This is Tom Field, Vice President of Editorial with Information Security Media Group. I'm talking today about APT and cyber extortion - who's most at risk. It's my pleasure to be speaking with Usman Choudhary. He's Senior Vice President and Chief Product Officer with ThreatTrack. Usman, thanks so much for joining me today.
USMAN CHOUDHARY: Thank you, Tom. It's my pleasure to be here.
FIELD: Usman, the term APT gets used a lot. In your view, what exactly is a true advanced persistent threat, and why are they so hard to stop?
CHOUDHARY: Tom, good question. Advanced Persistent Threat, APT, is a network attack. And it's a network attack when an unauthorized person gains access to the network, and stays there undetected for a long period of time. What that means is they're lurking, discovering information and making their way through the network. And until they find what they want, the attacker uses advanced methods to gain access, like spear phishing. They target certain roles like sysadmin and CFOs, and they'll use a variety of different techniques, including social media, and Facebook, and so on. Once they're in your network, they'll go into stealth mode. They'll activate a command and control type of system, and they'll wait until they find something of value. And, finally, they'll exfiltrate data. The key to an APT is that it is persistent, it's not smash and grab, it's a low and slow method where the perpetrator will wait for weeks or months until they're ready to exfiltrate that information and get to the people that they're targeting.
FIELD: So, Usman, we know about APTs, they've had lots of publicity, there has been lots of awareness, and yet the attacks are still pretty successful. Why is that? Is it just because they are so stealthy?
CHOUDHARY: It's certainly not because IT security people aren't smart enough, or fast enough, or not making the right investment. Security teams are making the right investments for sure. The attackers are highly organized, coordinated, they're motivated criminals and they're really looking for one loose brick in your wall. They can launch thousands of attacks, only one has to be successful, while the security teams have to stop and mitigate every single one. They're increasingly well funded and this is a very lucrative business. And attackers have also gotten a lot smarter and they share information. So the reality is, the dark element is much better at information sharing than corporations. That's all part and parcel of the reason why these things are continuing to be pervasive and increased.
FIELD: When you look across industry sectors and the different sizes of organizations, do you see that some organizations are perhaps more at risk to APT than others?
CHOUDHARY: Well, APTs have hit all sorts of different targets, ranging from military to defense contractors, oil companies, soft drink companies. The reality is there is no particular industry that is at more risk. The relative value of their data is the number one risk factor. And all data is valuable and all companies are at risk. So their customer data, partner data, healthcare data, employee information, like social security numbers, it's all valuable in the black market.
FIELD: Now, Usman, on a related topic, you've done some recent research about cyber extortion. Can you share some of those fascinating findings, please?
CHOUDHARY: Absolutely. We'll share some of that information, so at ThreatTrack, we have endpoint protection solutions for millions of consumers and businesses. We have malware analysis tools and Advanced Threat Protection solutions for the enterprise. So we're very well aware of the advance in emerging threats in transit, we were very curious about how many companies have recently experienced extortion and whether they negotiated for return of data. So we launched a survey to take the temperature of the market and the preliminary findings have been pretty interesting. We'll be releasing them very soon, but you know, I can share some of the sneak peek here. At the very basics, some companies are certainly more susceptible to cyber extortion. You have, as you know, most organizations do not want to talk about their breaches, certainly not cyber extortion. No one wants to talk about it. And if they're going to go pay to get the data back, it's certainly not going to be made public. We surveyed hundreds of U.S. IT security professionals within organizations of varying sizes and the interesting thing that we found that 38%, you know, roughly over one-third of respondents overall, have already experienced a situation with cyber extortion of some kind. And then, you know, we asked some interesting questions, if these respondents, these companies, would consider negotiating for it if they were certainly in the situation of cyber extortion, and you know, this is -- this data was pretty consistent across the board. Roughly one-third, or over one-third said, they would negotiate for their employee data or for their customer data, or negotiate you say, had certain IP or confidential, you know, executive communication. And so the fact that so many participants said they actually would negotiate, was really, really surprising.
FIELD: Usman, let's talk about solutions. Bottom line, what can security leaders be doing better to improve their defense against Advanced Persistent Threats?
CHOUDHARY: For one, I think if you look at it, effectively we could protect against these attacks. That's really the key, and what companies can do to protect against the attacks themselves. So when I look at it in the broader sense, we need to reframe how we think about cyber security. This is not a world where you can achieve 100% security. Organizations have limited resources, so they need to invest in smart technology that reduces the noise, connecting the dots and allows them to focus on what's really important. Secondly, I think that we have to put tools in the hands of these professionals so they have time to analyze what the threats really are. Even if they can detect it, they need to understand which parts of the organizations are at the highest risk and quickly find the area of most risk in the network, and the users that are under possible attack at the very earliest stage. And finally, they have to invest in people and malware researchers and other types of, you know, security professionals. They have to continue in their investment in that area. And these are the best, this is the best way to protect yourself from cyber extortion really is to prevent these attacks at the onset from happening and protecting your data.
FIELD: Usman, I appreciate your time and your insight today. Thank you so much for talking about APT and cyber extortion.
CHOUDHARY: Thank you, Tom, it was my pleasure.
FIELD: This is Tom Field for Information Security Media Group. Thank you very much.
[END OF INTERVIEW]