
Where do Current IT Threats Lurk? Five Steps to Protect Against Cyber-Attacks

Viruses, worms and simple malicious code were the most frequent threats to the IT landscape before the turn of the millennium. A signature-based protective mechanism in the form of an anti-virus program was sufficient to provide adequate protection against the standard attacks of that time. Today's IT threats to companies are far more sophisticated and require additional layers of protection, especially for critical infrastructures. We show how companies can take five meaningful steps to equip themselves against cyber-attacks.

The current Internet Security Threat Report by Symantec shows that attackers proceed in an increasingly purposeful manner when targeting their victims, with large and medium-sized enterprises in particular in their sights. The security industry speaks of an Advanced Persistent Threat (APT). According to the Symantec report, attackers compile detailed information on a company before proceeding: how the company is structured, which employees are likely to have the most extensive access to its systems, which websites those employees visit for information on a daily basis, and so on.

A glance at the example of the "Dragonfly" attack shows what an APT may look like:

Fig. 1: The Dragonfly attack as an example of APT, source: Symantec

The diagram shows how the complete “Dragonfly” attack campaign unfolded. From 2013 it affected energy companies in the following countries:

Fig. 2: Top 10 countries according to active infection, source: SoftwareONE

Dragonfly is a hacker group most likely based in eastern Europe. After initially concentrating on airlines and defense companies, it switched its interest from 2013 onwards to industrial enterprises in the energy sector. Here, Dragonfly proceeded in an extremely professional way: it inserted a specific Trojan into legitimate installers of industrial control system (ICS) software, which the vendors' customers then downloaded as regular updates. The Trojan entered the IT environment of the energy companies via these software updates (shown in green in fig. 1) and gave the attackers a foothold inside the networks.

The group used two further attack channels in parallel. It targeted selected employees in the companies with phishing mails (shown in blue in fig. 1), and at the same time ran so-called watering hole attacks (shown in red in fig. 1), in which websites the employees regularly visit are infected with malicious code. With this code, Dragonfly was able to exfiltrate system information, copy documents, and harvest Outlook address books and the configuration data of VPN connections. The Symantec report states that the collected data was then encrypted and sent to the attackers' command-and-control server.

The attackers thus not only siphoned off information: the trojanized installers also gave them code execution on the machines that run the control software, which put the technical systems within their reach. A worst-case scenario would have involved substantial disruption to the energy supply in an affected country.

How to Protect IT Systems Against Cyber-Attacks

This example demonstrates clearly that an Advanced Persistent Threat can continue for several months, sometimes years, and that it may involve a broad array of different attack channels. Would companies today be able to quickly detect this kind of threat and assess the risk to their operations with nothing more than their regular security software? Our experience says no.

A study conducted by ISACA reveals that 33% of companies are not convinced that they are properly protected against cyber-attacks or able to respond appropriately to an APT. Protection against these multi-faceted threats requires a multi-layered solution rather than a single product.

5 Steps to Ensure Sufficient Security

Fig. 3: Five steps to protect against cyber-attacks, source: Symantec

Step 1: Prevent

Companies need to remove their blinkers and prepare for a genuine emergency: it can hit anyone. They must prepare strategies and emergency plans, and know their own vulnerabilities. After all, they would know exactly how to proceed if a fire broke out in the building.
Note: The starting point is a risk analysis.

Step 2: Implement protective measures

A well-protected endpoint is the first line of defense against cyber-attacks in general and APTs in particular. Several different defense mechanisms should ensure that threats do not even reach the IT network. Increasingly, this is complemented by a coordinated security setup in which the individual solutions communicate and share context information, which speeds up detection and allows responses to be automated. The Dragonfly case shows one limitation of endpoint protection alone: the malware arrived inside an installer that administrators deliberately downloaded from the vendor, so integrity checks on software updates belong in this layer as well.
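One such integrity check, shown here as an added example (not code from the original article or from any vendor named on the page): the SHA-256 digest of an installer is pinned from an out-of-band source and the download is refused if it does not match. Because Dragonfly swapped installers on the vendors' own download sites, a digest fetched from the same site could have been swapped too, so the pinned value must come through a separate channel. The product name, installer bytes and "trojanized" copy below are constructed; the pinned table is derived from the constructed genuine bytes so the example runs offline.

```python
"""Integrity check for a downloaded software installer (added example).

Dragonfly delivered its Trojan inside otherwise legitimate ICS software
updates, so an endpoint agent that only looks for known-bad signatures
sees a vendor installer. A cheap additional control is to pin the
vendor's published SHA-256 digest out of band (signed release notes,
direct vendor contact) and refuse to install anything that does not match.
Product names and bytes below are constructed, not real software.
"""
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # hash in chunks so large installers are not loaded into RAM at once


def sha256_of_stream(stream) -> str:
    """Return the hex SHA-256 of a binary file-like object, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def verify_installer(product: str, stream, pinned: dict) -> str:
    """Return 'ok', 'mismatch' or 'unpinned' for the given installer.

    'unpinned' (no digest known for this product) must be treated as a
    failure by the caller: silently allowing unknown packages would recreate
    exactly the gap the trojanized updates exploited.
    """
    expected = pinned.get(product)
    if expected is None:
        return "unpinned"
    actual = sha256_of_stream(stream)
    # Constant-time comparison so timing does not leak how much of the digest matched.
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


# --- constructed sample data -------------------------------------------------
GENUINE_INSTALLER = b"MZ" + b"\x00" * 1024 + b"ICS-Config-Tool v1.2 (constructed sample)"
# A trojanized copy: the same bytes with a payload appended, a common way to
# wrap a legitimate binary without breaking its visible functionality.
TROJANIZED_INSTALLER = GENUINE_INSTALLER + b"\x90" * 64 + b"dropper stub (constructed)"

# In production this table is filled from the vendor's out-of-band digest;
# here it is derived from the constructed genuine bytes so the example runs offline.
PINNED_DIGESTS = {
    "ics-config-tool-1.2.exe": sha256_of_stream(io.BytesIO(GENUINE_INSTALLER)),
}


def check_download(product: str, data: bytes) -> str:
    """Verify raw bytes as if they were the file just downloaded."""
    return verify_installer(product, io.BytesIO(data), PINNED_DIGESTS)


if __name__ == "__main__":
    for name, blob in [
        ("ics-config-tool-1.2.exe", GENUINE_INSTALLER),
        ("ics-config-tool-1.2.exe", TROJANIZED_INSTALLER),
        ("unknown-package-9.9.exe", GENUINE_INSTALLER),
    ]:
        print(f"{name}: {check_download(name, blob)}")
```

In a deployment the `PINNED_DIGESTS` table would be maintained by the team that approves software for the control network, and a result other than `ok` should quarantine the file and raise a ticket rather than merely log a warning.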


Step 3: Detect

A large number of methods for identifying malware already exist, from classic signatures to behavior-based analysis on the endpoint and anomaly detection in network traffic. Companies should use current threat intelligence to make a reasoned decision on which combination of these to deploy.
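As an added example of network-side detection (not code from the original article), the script below looks for the command-and-control traffic pattern described in the Dragonfly case: an infected host calling home at a fixed interval. It groups web-proxy log lines by client and destination and flags pairs with many requests whose inter-request gaps have a very low coefficient of variation. The log format, IP addresses and host names are constructed for this example; `update.example.invalid` is not a real indicator of compromise.

```python
"""Beacon detection over web-proxy log lines (added example, constructed data).

Dragonfly's malware encrypted the collected data and sent it to a
command-and-control server. Malware that calls home usually does so on a
timer; people do not browse on one. This script groups proxy requests by
(client, destination) and flags pairs with many requests at a regular
interval. Log format, hosts and addresses are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines: "<ISO timestamp> <client IP> <destination host> <status> <bytes>"
# 10.0.0.5 calls update.example.invalid roughly every 600 s; 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2014-07-01T09:00:00 10.0.0.5 update.example.invalid 200 412
2014-07-01T09:00:14 10.0.0.7 news.example.com 200 58231
2014-07-01T09:00:20 10.0.0.7 news.example.com 200 1044
2014-07-01T09:03:45 10.0.0.7 news.example.com 200 22190
2014-07-01T09:10:01 10.0.0.5 update.example.invalid 200 412
2014-07-01T09:15:02 10.0.0.7 news.example.com 200 7730
2014-07-01T09:20:00 10.0.0.5 update.example.invalid 200 412
2014-07-01T09:30:02 10.0.0.5 update.example.invalid 200 412
2014-07-01T09:31:10 10.0.0.7 news.example.com 200 30012
2014-07-01T09:40:00 10.0.0.5 update.example.invalid 200 412
2014-07-01T09:50:01 10.0.0.5 update.example.invalid 200 412
"""


def parse_line(line):
    """Return (timestamp, client, destination) or None for a malformed line."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2]


def find_beacons(lines, min_requests=5, max_cv=0.05):
    """Flag (client, destination) pairs whose request timing looks machine-driven.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests: near 0 means a fixed timer, large means human use.
    Jitter added by some malware raises cv a little, which is why max_cv is
    a threshold rather than an exact-zero test.
    """
    by_pair = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, client, dest = rec
            by_pair[(client, dest)].append(ts)

    hits = []
    for (client, dest), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({"client": client, "dest": dest,
                         "requests": len(stamps), "interval_s": avg, "cv": cv})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG.splitlines()):
        print(f"{hit['client']} -> {hit['dest']}: {hit['requests']} requests "
              f"every ~{hit['interval_s']:.0f}s (cv={hit['cv']:.3f})")
```

Over the constructed log the browsing host is ignored and the beaconing host is reported once. In practice the same logic is run over a day or more of proxy or DNS logs, with an allow-list for legitimate timers such as update services and monitoring agents, and the flagged destinations are then checked against threat intelligence before anyone is alerted.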


Step 4: Respond

If a network is infected, the malware must be removed completely, leaving no residual traces, and the endpoint must then be verified as clean. To prevent a recurrence, it is essential to establish when and how the malicious code entered the network.

We recommend the following solutions to cover steps 2 to 4 completely:

Symantec: Advanced Threat Protection Endpoint, Network & Email
Sophos: Next-Generation Endpoint Protection
Trend Micro: TippingPoint Advanced Threat Protection Family


Step 5: Recover

Suitable backup software should be used to restore the data once the system has been cleaned up. Because an APT can persist for months, the restore point must predate the intrusion identified in step 4, and the backups themselves must be kept out of the attacker's reach.

We endorse the following vendors:

  • Acronis
  • Veritas
  • Arcserve

Our Assessment

We frequently hear that finding suitable IT security experts and providing the resources needed to analyze the data from various solutions are significant challenges for companies.

Many companies struggle with the same difficulties, as the following diagram shows.

Fig. 4: The IT security challenges facing companies, source: Ponemon Institute 2015, "2015 Global Study on IT Security Spending & Investments"

There are plenty of ways to ensure sufficient protection against cyber-attacks in companies, whether through training that sensitizes employees to data protection or through an extensive IT security audit. IT service providers like SoftwareONE can help in this respect.



Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties
