How to curb evolving cyber threats




Tuesday, July 24, 2007


Written by Michael Murphy.

Look internally to help strengthen your network security

Gone are the days when teenage hackers vied for bragging rights for defacing a Web site or writing an annoying worm. In the past few years, a more sinister class of hacker has emerged. This individual hacks for financial gain and often uses quieter, more precise techniques.

Here at home we have witnessed the growing vulnerability of our IT security landscape with many recent high profile security breaches jeopardizing the personal and financial data of millions of Canadians. Home users continue to get hit the hardest by cyber criminals.

According to the latest Symantec Corp. Internet Security Threat Report (ISTR), released in March, consumers are the target of 93 per cent of all attacks. However, skilled and sophisticated online intruders are increasingly focusing on gaining access into the back-end systems of enterprises in hopes of harvesting valuable financial information such as credit card numbers and other confidential customer data.

Not only does this greatly undermine an organization’s security infrastructure, but such a violation will undoubtedly have damaging effects on a corporation’s reputation. Emerging threats through technologies such as VoIP and wireless devices and applications have added a host of new avenues for security breaches. This rapid evolution of the IT threatscape facing most Canadian enterprises has led many organizations to focus more on securing and managing their infrastructure assets.

In fact, a 2006 report by Symantec (Pulse of IT Security in Canada) revealed that 92 per cent of IT executives now rate security as a top five priority, up from 77 per cent in 2005. Despite this increase in priority for IT security, many Canadian organizations are still not doing enough to effectively ward off potentially debilitating online assaults. Continued vigilance includes employing improved security measures and strengthening policies to prevent Trojans, viruses and other risks.

According to the semi-annual ISTR, one notable trend is the rise in Trojans: programs in which malicious code is contained inside what appears to be a harmless application or attachment, such as an email attachment or files sent over chat systems like MSN or Yahoo! Messenger. Once the Trojan runs, the hacker is able to gain remote control over the machine, running commands with all of the user’s privileges to gain access to confidential information, such as credit card numbers.

Trojans constituted 45 per cent of the top 50 malicious code samples, representing a 22 per cent increase over the first half of 2006. The ISTR also identified more than six million bot network computers worldwide during the second half of 2006, a 29 per cent increase over the previous period. Whether internal or external, attacks that compromise confidential information and data will be an ongoing challenge that enterprises need to address. Tackling these issues with an integrated strategy will help organizations maintain an effective level of IT security. A solid security practice that combines technologies, people and processes can prove to be a successful line of defense.

Here are a few examples of key focus areas:

Evaluating Needs: Identifying which operating products and services an enterprise actually needs and eliminating those that are unnecessary or redundant is a good first step towards reducing security risks. Removing unnecessary applications can decrease system vulnerabilities considerably while freeing up valuable resources such as disk and storage space. Moreover, attackers are now focusing less on striking servers and operating systems directly.

There is a growing trend towards application-focused attacks, so instead of exploiting high-severity vulnerabilities, attackers are discovering and exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and browsers. Having an understanding of the technical risks and how to identify and possibly mitigate common weaknesses associated with applications is essential to preventing an attack that could lead to the compromise of corporate systems.

Integrated Approach: Online attackers often develop blended threats – those that use multiple methods and techniques to grow and infect. As a result, businesses need to employ integrated, multi-tier solutions that offer protection at the gateway, server and client tiers and incorporate antivirus, intrusion protection and firewall capabilities. Most security vendors offer integrated security solutions that are designed and tested to work together, minimizing potential gaps in security coverage. Since these products also monitor for different Internet security threats, they can significantly minimize the possibility of a security breach by blended threats when used together.

For example, a firewall appliance at the Internet gateway can block malicious traffic from entering the network while antivirus software on each desktop and server can be used to detect attacks that may slip past the firewall. For additional security, intrusion protection solutions monitor network traffic for suspicious activity that escapes detection by both the firewall and the antivirus software.

Update Security Patches: The elapsed time between the disclosure and widespread exploitation of an enterprise’s vulnerability continues to shrink. Since most viruses are based on known vulnerabilities, it is imperative that security patches are kept up-to-date. Keeping operating systems, applications and security solutions up-to-date with the latest security patches will help seal off many of the holes that malicious code uses to spread.

Organizations that rely on mobile workers also need to be cautious of potential data loss through stolen or misplaced laptops and handheld devices. A data encryption solution offers enterprises a safeguard against network penetration in the event an employee’s laptop or PDA has been compromised. Encryption focuses on rendering data unusable even if it is accessed, making it an essential tool in the cyber security arsenal.

Check Network Regularly: One integral practice that is often overlooked when securing a network is the collection of data forensics. Given that most Trojans use numerous ways to infect a system, a careful analysis of irregular network behavior can provide an early warning of an attack. Internet security best practices should include policies, procedures and standards for functions like logging, reporting and regular auditing of system traffic. In addition, part of adopting a solid IT security practice requires enterprises to foster a corporate culture of security.

By communicating and sharing best practices with employees, companies can build a sense of collective ownership and responsibility to protect and secure corporate data and information, whether it’s at the workplace or from a remote location.

The battle to keep malicious attackers at bay is one both enterprises and consumers continue to fight. However, by being cognizant of existing and emerging vulnerabilities as well as weaknesses in IT infrastructure, organizations can armor themselves with the tools and solutions that will stop cyber criminals in their tracks.

As major security breaches continue to afflict large organizations, compromising both corporate information and the personal information of their clients, Canadian enterprises can’t afford to remain complacent with their existing IT security practices. The ever-changing nature of the online threatscape compels organizations to re-evaluate the state of their infrastructure now and for the future.

Michael Murphy is vice-president and general manager, Symantec (Canada) Corp.
 
Canadian Security Magazine