One of the sectors of the ICT industry that remains vibrant regardless of global economic conditions is the security space, nowadays more so in the enterprise space. Last week TechTarget sat down with some industry experts to discuss the current state of the security sector and what corporates can expect over the next six to 12 months.
It was established early that the days of a single solution to cater for a corporate’s security needs are far behind us and companies need to get as creative as the unscrupulous individuals or collectives that intend to penetrate their company ICT security barriers.
In the aftermath of South Africa hosting one of the biggest soccer spectacles, the Fifa Soccer World Cup, this is undoubtedly the perfect time to look at the local market and find out what the state of play is when it comes to security concerns and if local firms are adequately equipped to handle potential attacks.
As expected, the number of phishing attempts increased dramatically in the two months before the event and during the time that the event was taking place.
According to Anre Jansen, information security specialist at Nedbank, the number of phishing attacks in May, June and July of this year was equal in total to that experienced in the whole of 2009. In particular, banking phishing has seen a substantial increase as criminals continue to hoodwink unsuspecting Internet users out of their banking details to steal their money.
Grand Brown, security specialist at Symantec, says that his company also saw a massive increase in phishing and spam over the same period, adding that in general the number of new threats skyrocketed.
“The history that surrounds major sporting events shows that cyber threats increase almost overnight. As you may know, at one stage the World Cup was one of the most spoken-about things on the Internet, so you can imagine how easy it is for criminals to use it as a way of getting into people’s mailboxes,” he comments.
Interestingly, the Fifa Soccer World Cup was not used as bait as much as most specialists expected, and all attendees seemed to agree that the event did bring South Africa into the limelight but that the criminals used other subject matter to hook their prey.
“If you look at South Africa at the moment, now that bandwidth has become cheaper and more and more people are connecting to the Internet, one must also bear in mind that most of these people are first-time Internet users but in the same light the banking sector has done a great job of educating their customers on the risks that come with banking online,” says Maiendra Moodley, Principal Consultant, Security, CA Southern Africa.
He adds that now that South Africa has gotten more international exposure, it has become a target for attacks.
Moodley stresses that although we did see an increase in attacks during the Soccer World Cup, it should not be taken for granted that the World Cup was the only cause.
Brown comments that according to a recent report published by his company, emerging regions are becoming major targets as their technology adoption grows, and that this, coupled with major events, makes them even more attractive targets for cyber attacks.
“South Africa has now moved up to the 23rd most targeted country when it comes to cyber malicious activity in the EMEA region,” he says.
Jansen says that locally and internationally, what has really picked up is the amount of malware that is out there and that vendors are really struggling to keep up with its growth.
“At the moment it has advanced from being used to make malicious damage to stealing sensitive information like users’ login details to acquire secret documents and banking and account details,” he notes.
Current State
Jansen says that malware is definitely on the rise and is spreading mostly through email and memory sticks, and that it has shifted from being destructive to being more targeted at identity theft.
“Another thing that we are seeing in South Africa is an increase in local and regional spam and people abusing the ECT Act, which states that people are allowed to opt out as opposed to opt in, so people can continue to send you spam until you decide to opt out,” he explains.
Moodley states that currently, especially on the antivirus side, security solution vendors are always playing catch-up with the criminals because it has remained a reactive process.
“The biggest challenge with this situation is that companies are never going to be able to give their customers a guarantee against a zero-day attack. What companies like ours are doing is that we are looking at ways of securing the Kernel itself so that an entire workstation can be locked down for better security,” he explains. “This does not mean that one does not need an antivirus, it just provides them with an additional level of defense. By locking down Kernel access we are able to control what a virus can do.”
He says that although security has matured from being a grudge purchase, a lot of corporates still perceive security vendors as just selling them fear of possible doom and gloom “if and when they fall victim to an attack”.
“The education process for us now is making corporates understand that having an antivirus is all part of a tiered security solution, because even when one looks at enforcing complicated passwords in companies they can be obtained using social engineering,” comments Moodley.
One option that security vendors are reinvestigating is biometrics, but even this has its challenges, hence the general understanding that each corporate has unique needs and, with this in mind, needs a solution tailored to those needs.
According to Helen Constantinides, IBM security specialist, the biggest threats this year, according to her company’s findings, are all associated with web applications.
“We found that phishing is just a portion of the threat (10%) and malware accounts for 15% while 50% of the exploits are all coming from web applications,” she says.
She adds that at the development stage, companies should ensure that they scan their web applications and that these can be protected now and in the future to avoid potential problems.
Gaf Khan, security business development manager at Cisco, comments that at present there are about five devices connected to the Internet per person, which makes the connected environment a playing field for malicious software targeted at web applications.
He says that by 2013 this figure will increase to about 140 devices per person, which will increase potential threats manyfold.
Moodley, on the other hand, is of the view that social engineering is a bigger threat than attacks on web applications, adding that it will also have the knock-on effect of identity theft.
“In today’s environments, people have become so comfortable with social media websites that they are willing to give away more information than they have in the past and with this they make themselves much easier targets for social engineering,” he explains.
Security awareness seems to be going backwards in the age of social networking. Most users have single sign-on to a number of different sites, and with all the personal information they are freely giving away on these sites, they are almost sitting ducks for identity theft.
Education and practices
It is generally accepted that when it comes to training and awareness creation, the responsibility should come from the top down. C-level executives should fully understand the best practices in security and feed that to the rest of the company.
At the same time Constantinides believes that vendors such as her company should keep on enhancing their tool sets and solutions such that they do not just become vaults that lock up information but become very intrusive but also allow for business continuity.
She stresses that intrusion detection solutions should get a lot more focus because they are more proactive than reactive and are able to pick up potential dangers in real time.
Agreeing with Constantinides, Moodley says that at the end of the day it is about putting effective security policies and solutions in place, training the people concerned and being rigorous about ensuring that those policies are followed properly.
“Technology in itself is not a solution. If you do not train your staff properly they are effectively useless. The tools are only as effective as the person in whose hands they are. So vendors can make the best tools, but they cannot take away the human element or responsibility,” he comments.
This, he says, is one of the biggest challenges that vendors have when selling solutions to companies: making them understand that their internal practices also affect the effectiveness of the solutions they purchase and implement.
Looking ahead
Looking ahead, it looks as though companies need to go back to basics and understand the principles of security before they choose which solution they need.
Local enterprises seem to be forgetting that even if they implement the best security solution on the market, if their workforce does not understand policies and does not adhere to best practices, they still remain very vulnerable to becoming victims of cybercrime.
In addition, getting the solution in place and drawing up policies should be backed up by actually enforcing those policies so that risk is kept to a minimum.