How to curb evolving cyber threats
By Michael Murphy
Gone are the days when teenage hackers vied for bragging rights for defacing a Web site or writing an annoying worm. In the past few years, a more sinister class of hacker has emerged. This individual hacks for financial gain and often uses quieter, more precise techniques.
Here at home we have witnessed the growing vulnerability of our IT
security landscape with many recent high profile security breaches
jeopardizing the personal and financial data of millions of Canadians.
Home users continue to get hit the hardest by cyber criminals.
According to the latest Symantec Corp. Internet Security Threat Report (ISTR),
released in March, consumers are the target of 93 per cent of all
attacks. However, skilled and sophisticated online intruders are
increasingly focusing on gaining access into the back-end systems of
enterprises in hopes of harvesting valuable financial information such
as credit card numbers and other confidential customer data.
Not only does this greatly undermine an organization’s security
infrastructure, but such a violation will undoubtedly have damaging
effects to a corporation’s reputation. Emerging threats through
technologies such as VoIP and wireless devices and applications have
added a host of new avenues for security breaches. This rapid evolution
of the IT threatscape facing most Canadian enterprises has led many
organizations to focus more on securing and managing their IT infrastructure.
In fact, a 2006 report by Symantec (Pulse of IT Security in Canada)
revealed that 92 per cent of IT executives now rate security as a top
five priority, up from 77 per cent in 2005.
Despite this increase in priority for IT security, many Canadian
organizations are still not doing enough to effectively ward off
potentially debilitating online assaults. Continued vigilance includes
employing improved security measures and strengthening policies to
prevent Trojans, viruses and other risks.
According to the semi-annual ISTR, one notable trend is the rise in Trojans — a
program in which malicious code is contained inside what appears to be
a harmless application or attachment, such as an email or files sent
over chat systems like MSN or Yahoo! Messenger. Once the virus runs,
the hacker is able to gain remote control over the machine, running
commands with all of the user’s privileges to gain access to
confidential information, such as credit card numbers.
Trojans constituted 45 per cent of the top 50 malicious code
samples, representing a 22 per cent increase over the first half of
2006. The ISTR also identified more than six million bot network
computers worldwide during the second half of 2006, a 29 per cent
increase over the previous period. Whether internal or external,
attacks that compromise confidential information and data will be an
ongoing challenge that enterprises need to address. Tackling these
issues with an integrated strategy will help organizations maintain an
effective level of IT security. A solid security practice that combines
technologies, people and processes can prove to be a successful line of defense.
Here are a few examples of key focus areas:
Evaluating Needs: Identifying
which operating products and services an enterprise actually needs and
eliminating those that are unnecessary or redundant is a good first
step towards reducing security risks. Removing unnecessary applications
can decrease system vulnerabilities considerably while freeing up
valuable resources such as disk and storage space. Moreover, attackers
are now focusing less on striking servers and operating systems. There
is a growing trend towards application-focused attacks, so instead of
exploiting high-severity vulnerabilities, attackers are discovering and
exploiting medium-severity vulnerabilities in third-party applications,
such as Web applications and browsers. Having an understanding of the
technical risks and how to identify and possibly mitigate common
weaknesses associated with applications is essential to preventing an
attack that could lead to the compromise of corporate systems.
Online attackers often develop blended threats: those that use
multiple methods and techniques to grow and infect. As a result,
businesses need to employ integrated, multi-tier solutions that offer
protection at the gateway, server and client tiers and incorporate
antivirus, intrusion protection and firewall capabilities. Most
security vendors offer integrated security solutions that are designed
and tested to work together, minimizing potential gaps in security
coverage. Since these products also monitor for different Internet
security threats, they can significantly minimize the possibility of a
security breach by blended threats when used together.
For example, a firewall appliance at the Internet gateway can block
malicious traffic from entering the network while antivirus software on
each desktop and server can be used to detect attacks that may slip
past the firewall. For additional security, intrusion protection
solutions monitor network traffic for suspicious activity that escapes
detection by both the firewall and the antivirus software.
Update Security Patches: The
elapsed time between the disclosure and widespread exploitation of an
enterprise’s vulnerability continues to shrink. Since most viruses are
based on known vulnerabilities, it is imperative that security patches
are kept up-to-date. Keeping operating systems, applications and
security solutions up-to-date with the latest security patches will
help seal off many of the holes that malicious code uses to spread.
Organizations that rely on mobile workers also need to be cautious of
potential data loss through stolen or misplaced laptops and handheld
devices. A data encryption solution offers enterprises a safeguard
against network penetration in the event an employee’s laptop or PDA
has been compromised. Encryption focuses on rendering data unusable
even if it is accessed, making it an essential tool in the cyber battle.
Check Network Regularly: One
integral practice that is often overlooked when securing a network is
the collection of data forensics. Given that most Trojans use numerous
ways to infect a system, a careful analysis of irregular network
behavior can provide an early warning of an attack. Internet security
best practices should include policies, procedures and standards for
functions like logging, reporting and regular auditing of system traffic.
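As an added illustration of the traffic auditing this section recommends (example code written for this page, not from the article or from Symantec), the following script reads outbound-connection records and flags a host that contacts the same external address at near-constant intervals, the steady "phone home" pattern that a remote-control Trojan or bot can leave in the logs. The log lines, host names and addresses are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed outbound-connection log: timestamp, source host, destination:port.
# ws-017 contacts one external address every five minutes; ws-042 browses normally.
SAMPLE_LOG = """\
2007-03-01T09:00:02 ws-017 203.0.113.9:443
2007-03-01T09:05:01 ws-017 203.0.113.9:443
2007-03-01T09:10:03 ws-017 203.0.113.9:443
2007-03-01T09:15:02 ws-017 203.0.113.9:443
2007-03-01T09:20:01 ws-017 203.0.113.9:443
2007-03-01T09:01:10 ws-042 198.51.100.20:80
2007-03-01T09:03:45 ws-042 198.51.100.21:80
2007-03-01T09:17:30 ws-042 198.51.100.22:443
2007-03-01T09:40:12 ws-042 198.51.100.20:80
"""


def parse_log(log):
    """Group connection timestamps by (source host, destination)."""
    conns = defaultdict(list)
    for line in log.splitlines():
        ts, host, dst = line.split()
        conns[(host, dst)].append(datetime.fromisoformat(ts))
    return conns


def find_beacons(log, min_count=4, max_jitter=0.1):
    """Return (host, destination, interval_seconds) for host/destination pairs
    whose connection gaps are nearly constant: regular 'phone home' traffic."""
    hits = []
    for (host, dst), times in parse_log(log).items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        # Coefficient of variation: a small value means a steady schedule.
        if mean > 0 and pstdev(gaps) / mean <= max_jitter:
            hits.append((host, dst, round(mean)))
    return hits


if __name__ == "__main__":
    for host, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"{host} -> {dst} every ~{interval}s: review this host")
```

Legitimate software updaters and monitoring agents also check in on a schedule, so a flagged pair is a lead for review against a list of known-good destinations, not a verdict.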
In addition, part of adopting a solid IT security practice requires
enterprises to foster a corporate culture of security.
By communicating and sharing best practices with employees, companies can
build a sense of collective ownership and responsibility to protect and
secure corporate data and information, whether it’s at the workplace or
from a remote location.
The battle to keep malicious attackers at bay is one both
enterprises and consumers continue to fight. However, by being
cognizant of existing and emerging vulnerabilities as well as
weaknesses in IT infrastructure, organizations can armor themselves
with the tools and solutions that will stop cyber criminals in their tracks.
As major security breaches continue to afflict large
organizations, compromising both corporate information and the personal
information of its clients, Canadian enterprises can’t afford to remain
complacent with their existing IT security practices. The ever-changing
nature of the online threatscape compels organizations to re-evaluate
the state of their infrastructure now and for the future.
Michael Murphy is vice-president and general manager, Symantec (Canada) Corp.