It is often said that security tools such as firewalls, antivirus programs, etc.
Question
It is often said that security tools such as firewalls, antivirus programs, etc. are only effective against random, untargeted attacks. If you are specifically targeted by an intentional, professional attacker (e.g. state-sponsored, NSA, Chinese state attacker, or competitor looking to steal trade secrets) then most of these protections are useless. Is this true?
If it is true, then what tools or techniques make a targeted attack from a professional attacker different? Does the attacker have a significant advantage over me? What strategies can I employ to reduce the risk of a successful attack?
Explanation / Answer
All of security can be boiled down to threat modeling, risk assessment, risk management, and risk mitigation. So no, defenses designed to protect against non-targeted attacks are not likely to do well against targeted attacks.
What makes a targeted attacker (or what you call a "professional attacker") different? Simply the intelligence and money they're willing to employ to attack you specifically.
So, yes, if someone is willing to spend the money and time and effort to attack you specifically, then they have an advantage. The strategy to defend would be to recognize that these sorts of attacks are a realistic threat scenario in your risk model, and implement controls to manage and mitigate these risks.