Who You're Up Against

1. Cybercriminals are individuals or groups that hack for profit, and are the biggest threat to small and mid-size business owners. Typical activity involves stealing credit card numbers, personal information from Twitter, Facebook, and email accounts, financial account information or personally identifiable information.
2. Nation State Attackers are individuals or groups employed by a government to penetrate commercial and government systems in other countries. Whether they are trying to steal information, disrupt the system, or destroy information, nation state attackers pursue their objectives using a variety of tactics. No government has publically come forward and acknowledged sponsoring cyber attacks, but foreign policy experts and researchers have confirmed their legitimacy. For businesses with links to government organizations, these attackers can be cause for concern.
3. Hacktivists, depending on their motivations, target various types of businesses. Motivated by political ideology rather than money, they often target websites that publish sensitive information, or entities with a symbolic value. In many cases, Hacktivists orchestrate DDoS attacks, flooding websites with bogus traffic.

How the Enemy Succeeds

1. Evading Traditional Signature-based Defenses

Traditional network defenses include next-generation firewalls and anti-virus solutions. These often involve reliance on pattern-matching signatures, rules and filters, and detect traditional forms of cyber attacks, including worms, Trojans, viruses, and others.

However, they can't handle today's new breed of cyber attacks. Advanced cyber threats often pass through security defenses undetected, giving attackers free rein within the system.

 Traditional network defenses fall short with the following:

• Zero-day attacks, which exploit previously unknown vulnerabilities in websites or applications that developers have had no time to address and patch
• Targeted attacks that penetrate your specific security infrastructure
• Polymorphic malware, which creates many new versions of itself with new binaries that don't match existing anti-virus signatures
• Blended attacks that use multiple channels (email, web, file) to infiltrate the network
• Advanced Persistent Threat (APT) malware, which can reside in your network for weeks or months without being detected, allowing attackers to acquire valid user credentials to move laterally across the network

2. Evading Anomaly-based Defenses

Intrusion Prevention Systems and Network Behavior Analysis solutions baseline "normal" traffic over the course of a period of time, allowing anomalies in user behavior and traffic can be more easily detected and flagged as risks.

Although Intrusion Prevention Systems are able to detect some events caused by advanced threats, the "slow and low" nature of Advanced Persistent Threat malware cause hem to be prone to false positives or false negatives.