Feeds

What are the security threats?

Sophisticated Malware or just People?

  • alert
  • submit to reddit

SANS - Survey on application security programs

"Security", as the first article in this series points out, can always be found near the top of the list of concerns of every IT manager and IT director. Unfortunately the same subject can also manage to not quite make it onto the more important list of things to do something about now.

Over the years, a diverse array of solutions has come to market, each of which claims to enhance different aspects of an organisation's IT security. Many can, indeed, enhance the capabilities in one or more areas. But security technology is only effective when deployed appropriately and, more importantly, when used correctly – by everyone in the business. And of course, security is not a one-shot operation – it cannot be assumed that the measures put in place a couple of years ago will still be appropriate today.

So this brings us to the question of what are the threats and weaknesses that must be guarded against and resolved? Several areas must be assessed. These include a direct appraisal of existing technological threats- perhaps the area most normally associated with IT security deliberations - as well as looking at how people use IT systems and the processes associated with routine business operations.

To build a reasonable picture of the threats we first need to acknowledge that the majority of corporate security breaches come about because internal staff do something that they should not or, just as likely, do not do something they should. All the same, external challenges are becoming more sophisticated as the months go by – and even ‘good’ security behaviour may not be enough to protect against all threats.

So what are the most important threats and security weaknesses that challenge business IT today? Last year, we surveyed The Register Tech Panel to find out what what they thought. Here is one finding:

The figure above shows that even for the better-understood security challenges such as virus infections, spam, external hackers and other outside threats and annoyances, there is still a sizable community (nearly one of three) that do not consider themselves to be well protected. Issues such as anti-viral protection and systems that can scan files before they are read or executed are now a common feature of most business systems. But, as in all areas of IT, the authors of malicious code are always moving forward.

New infection vectors are being exploited, with “drive by” infections gaining particular notoriety. Here, when a user access a compromised web site, often sites of respectable entities, the web browser itself is used to insert malicious code, key loggers or Trojans onto the user’s machine. In some parts of the world this route of infection has reached similar levels as the more traditional infected email attachment. Another vector, namely infection via the use of compromised USB sticks, has become prevalent in parts Asia-Pacific.

The motives of those creating the new threats have changed dramatically over the past few years. No longer are malware authors releasing their creations just to garner notoriety or to inconvenience people. Today’s malware is more usually created with financial goals in mind as the authors, individually or in groups, try to get hold of data that can be transformed into monetary rewards. Password stealers, credit card and account number / PIN seekers are now routine targets of malware infection, with the authors of the infection either using the information themselves or selling it on for others to exploit. Identity theft should now be a major consideration for all IT systems users, at work and at home.

By the People

The figure above highlights other areas of concern for those charged with securing IT systems, and these fall very firmly into the ‘people’ space. Broadly speaking, these can be classified under the headings of ‘data leakage’ and deliberate misuse. As can be seen, a half of organisations consider themselves to be well protected against third parties breaching security from inside the firewall. Of more concern, less than a third of respondents considered their organisations to be well protected against their own staff deliberately breaching security.

These results support the often unvoiced concern that the most serious security challenges are to be found inside the enterprise, rather than outside. Data leakage, or staff inadvertently breaching security, say by losing their PC or smart phone full of encrypted data, or giving someone a USB stick loaded with sensitive data, can result in considerable financial loss and brand damage. But our survey shows that just over 40 per cent of organisations think they are reasonably well protected against this myriad of threats.

These are all real threats and the current dark economic climate, along with the increasing proportion of the world’s population getting online, is likely to exacerbate the dangers. Coupled with trends such as the rise of home working and managers looking to access corporate systems, wherever they may be, will make securing the enterprise even more demanding. An additional challenge comes from the use of new business services and technologies such as SaaS and virtualization. The need for those responsible for security to know just what equipment and users they must protect, what they do and how they work has never been clearer.

To deliver effective, secure IT services one must understand what IT assets are deployed in the company, for what they are being used and by whom.

In many organisations the quality of this knowledge is usually neither sufficient nor up to date, and in future articles we shall discussthe role of assessing existing infrastructure and developing appropriate policy. Without such an understanding, it is impossible to evaluate the nature of any potential threat, to recognise when usage patterns diverge from the expected and hence be in a position to implement appropriate security measures across the IT portfolio and indeed the organisation as a whole. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.