French cyber attack highlights the importance of knowing your network

France’s Budget Minister, François Baroin, has confirmed that the French Ministry of Economy, Finances and Industry has been the victim of a ‘spectacular’ cyber attack since December 2010, aimed at extracting G20 files.

The minister indicated that the attacks came from addresses located outside of France, while Patrick Pailloux, director general of the French National Agency for IT Security, stated that it was the first attack to have targeted the French state on such a scale.

This kind of bold attack is a sign of what is to come, as cyber warfare attempts between states increase in frequency and complexity.

As hackers become more sophisticated in their attempts to steal data, government bodies and indeed entire states are increasingly at risk. The external attack on the French government and the G20 nations shows that cyber warfare can strike at any time and originate anywhere.

The traditional methods, such as anti-virus solutions and firewalls, aren’t infallible and they simply aren’t enough to ensure network security. Nation states therefore need to accept the inevitability of data breaches and take new courses of action to prevent similar incidents, which are both dangerous and embarrassing for the afflicted organisation.

Although the French government appears to be making progress in tracking down the hackers responsible for this attack, the damage, unfortunately, will already have been done.

Since the attacks began in December and have only just been blocked, the hackers have enjoyed a substantial holiday period during which to obtain confidential information. This delay in identifying and putting a stop to the breach is unacceptable and the provisions taken to ensure the security of the French systems are quite clearly insufficient.

Instead of relying on those traditional methods of security, in the hope that breaches will be fenced out, organisations need to learn to recognise breaches in real-time, so that appropriate action can be taken immediately. The only way to do this is to develop a comprehensive understanding of what normal operating procedures look like, so that organisations can spot aberrations as soon as they occur.

Unfortunately, many organisations are wasting the very resource that would enable them to do this. The IT systems for networks such as those of government bodies produce millions of logs each day, which, when collected and analysed via a centralised log management solution, provide an insight into every level of activity.

This data is then used to identify suspicious or unexpected events, and to alert on and report them. Using this kind of system ensures that attacks like those aimed at the G20 data are immediately recognised as anomalous activity and damage limitation can commence at a far earlier stage.
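
The baseline-then-alert approach described above, as an added example that is not part of the original article or of any vendor's product. The log format, host names, byte counts, the `XX` country placeholder and the `k` threshold are all assumptions constructed for illustration; a real baseline would span weeks of centralised logs, not three days.

```python
import statistics

# Constructed sample logs (assumed format): date host dest_country bytes_out
BASELINE_LOG = """\
2024-03-04 ws-014 FR 118000
2024-03-05 ws-014 FR 125000
2024-03-06 ws-014 FR 131000
2024-03-04 srv-mail FR 8800000
2024-03-05 srv-mail FR 9100000
2024-03-06 srv-mail FR 9500000
"""
NEW_LOG = """\
2024-03-07 srv-mail FR 9400000
2024-03-08 ws-014 XX 8600000
2024-03-08 new-host FR 50000
"""

def parse(log_text):
    """Yield (date, host, country, bytes_out); malformed lines are skipped."""
    for parts in map(str.split, log_text.splitlines()):
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2], int(parts[3])

def build_baseline(log_text):
    """Learn each host's normal: median volume, spread (MAD), destinations."""
    raw = {}
    for _, host, country, nbytes in parse(log_text):
        vols, seen = raw.setdefault(host, ([], set()))
        vols.append(nbytes)
        seen.add(country)
    baseline = {}
    for host, (vols, seen) in raw.items():
        med = statistics.median(vols)
        mad = statistics.median(abs(v - med) for v in vols) or 1  # avoid 0 spread
        baseline[host] = (med, mad, seen)
    return baseline

def find_aberrations(baseline, log_text, k=10):
    """Return (date, host, reason) for records that depart from the baseline."""
    alerts = []
    for date, host, country, nbytes in parse(log_text):
        if host not in baseline:
            alerts.append((date, host, "no baseline for host"))
            continue
        med, mad, seen = baseline[host]
        if country not in seen:
            alerts.append((date, host, f"new destination country {country}"))
        if nbytes > med + k * mad:
            alerts.append((date, host, f"volume {nbytes} above normal ~{med}"))
    return alerts
```

Calling `find_aberrations(build_baseline(BASELINE_LOG), NEW_LOG)` flags the workstation twice and the unknown host once, while the mail server's larger transfer passes because it is normal for that host.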

Ross Brewer brings over 22 years of sales and management experience in high tech and information security. Prior to joining LogRhythm, he was a senior executive at LogLogic, where he served as vice president and managing director EMEA. Ross has held senior management and sales positions in Europe for systems and security management vendor NetIQ and security vendor PentaSafe (acquired by NetIQ). He was also responsible for launching Symantec’s New Zealand operations.