This past week several very prominent American news organizations publicly admitted having their computer systems hacked into, and explicitly blamed the Chinese government:
“Chinese hackers suspected in attack on The Post’s computers” – The Washington Post
“A Cyberattack From China” – The New York Times
“Chinese Hackers Hit U.S. Media” – The Wall Street Journal
There are several aspects of these events that seem to herald a change in this now familiar story of computer breaches reportedly being conducted by the Chinese. First is the public acknowledgement of the targeting of an apparent industry / sector – by that sector itself. (Obviously, the oil and financial services sectors have been explicitly targeted previously, but companies within those sectors did not openly discuss the issue of computer hacking / breaches, nor which nation was believed to have conducted the attacks.) Second is the prominence of the companies targeted within that sector. And third, multiple targeted companies blamed the Chinese concurrently with breach disclosure – not months or even years later.
What should also be glaringly obvious to information security practitioners by now is that traditional information security tools are almost useless in preventing or detecting these breaches in near real-time. The Washington Post admitted that the intruders gained (unauthorized) access to its computer systems in 2008 or 2009 – and were not discovered until 2011. So, for at least two years, intruders were inside the Post’s computer systems undetected. What is unusual here is not the period of time during which the intruders were undetected – only the public admission of such.
So, if your organization is still relying on a SIEM to help detect such intrusions, maybe you, the information security practitioner, should rethink that approach. Clearly, we have to do better than we are. The overused and overhyped APT acronym is not looking so advanced anymore – it is rapidly becoming routine.