Intel: Data loss from cyberattacks is inevitable

Intel has admitted it is "inevitable" that some cyberattacks will successfully steal data from the company, and it has acknowledged it needs to work harder to secure its intellectual property from well-financed network infiltrations.

New attack methods, such as slow-burning advanced persistent threat (APT) targeting or the orchestration of network penetration by distributed, large-scale botnets, means Intel cannot stop data leaking from its organisation, according to Perry Olson, Intel's senior director for strategic response and global activities.

"[Network] compromise is inevitable, data loss is inevitable, what do we do? The threat vectors we've seen have changed drastically," Olson told ZDNet UK on Monday.

In 2003, the chipmaker saw "big distributed denial-of-service attacks" meant to make a lot of noise and to demonstrate hackers' ability to take Intel off the network, he said. "Now we're starting to see APTs and botnets," he added.

SecurID breach

These types of pernicious attacks are much more dangerous, according to Olson. As an example, he pointed to the attack on RSA in March that compromised SecurID, the token-based security system used by global telecoms providers and companies such as Lockheed Martin to secure their networks.

[Network] compromise is inevitable, data loss is inevitable, what do we do? The threat vectors we've seen have changed drastically.

– Perry Olson, Intel

The RSA breach was accomplished via a socially targeted attack that took control of an RSA employee's computer, then escalated further into the network, to end in the compromise of the SecurID codes, Olson said.

"RSA was a big wake-up call," he said. "In the past, the SQL [injection] slammer guys weren't well financed. APTs and botnets are well financed; you can point them to nation states, but we can't prove anything."

In the face of such attacks, Intel has to alter the ways it protects itself, Olson noted. Previously when under attack, the company used to prioritise taking its network off the internet. Now it adopts a honeypot technique, in which it sometimes keeps parts of its network online so it can understand the nature of the attacks and defend against future attempts better, he said.

"Our IP [intellectual property] is extremely important to us, our IP related to the design and manufacture of our product — how do we protect that?" he said.

Patterns of usage

One of the ways Intel is securing its sensitive corporate data is by classifying it according to its relative importance, and then applying more stringent security measures as the sensitivity of the data increases, Olson said.

For instance, the company has software that monitors patterns of usage for Intel applications by specific people. It introduces more security measures as a pattern deviates from the norm — for example, if a person logs in during the night from Manila when they typically log in from 9am to 5pm in Portland, Oregon.

Olson said it is difficult to apportion blame for cyberattacks to specific nations, as there is no ironclad way of proving an attempt coming from a specific IP address in a country has its origins in that country. However, he did acknowledge "the amount of cyberattacks we've seen coming out of China may be bigger" than from other countries.

Intel plans to tightly integrate its internal security apparatus with in-development technology gleaned from its purchase of security specialist McAfee, ZDNet UK understands. More details are expected to come through during the Intel Developer Forum (IDF), which starts on Tuesday in San Francisco.