Security Watch List: How to Safeguard Your Company
This article is reprinted courtesy of IBM ForwardView eMagazine.

Security breaches continued to make big headlines in 2009. And the outlook for 2010 is that we are likely to see more Internet-based breaches as more activity occurs online via browsers and e-mail. That's largely because the paradigm has shifted in the way we work, behave as consumers and even interact with each other. As more systems and devices become interconnected, we're harnessing new ways of communicating and of accessing shared systems and information. But this progress also exposes organizations to risk by creating more entry points for hackers.

"The simple fact of the matter is there are more and more hosts, more and more people on the Internet every day," explains Daniel Holden, project manager at X-Force, IBM's renowned security research organization. "There are more applications put on the Internet every day. It is going to get worse just because of the numbers involved." Holden should know. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches vulnerabilities, develops assessment and countermeasure technology, and advises the public on emerging Internet threats. And it does so by analyzing millions of intrusions and billions of Web pages annually.

So how do you safeguard your company against security breaches that U.S. Secretary of State Clinton has described as being the electronic equivalent of weapons of mass destruction? Understanding where security threats are most likely to hit can help your business take the appropriate measures to avoid becoming a cybercrime statistic.

The usual suspects get stronger
Threats to your information and your business come from a rogues' gallery of attacking programs and activities that range from the annoying to the utterly destructive. For example, adware can crimp productivity with unwanted pop-up ads, but if it also contains spyware, it can stealthily collect user information. Viruses corrupt shared files to infect systems, while their cousins, the Internet worms, simply self-replicate to leave a trail of damage in their paths.

"We're not out to discover the most vulnerabilities, but really trying to discover vulnerabilities in critical infrastructure or applications that are used across the board, whether that be large enterprise, small and midsized businesses, or home users," Holden explains. "We're really looking at vulnerabilities that attackers are going to leverage in the future, the most critical vulnerabilities we think could really affect the overall Internet. I'd say a big difference between X-Force and a lot of other security R&D lab organizations is we are doing a lot of active development. We're following up that research and analysis with new technology."

The group's research reveals disturbing trends. In the first half of 2009, the group analyzed over 10 billion Web pages and images and discovered that over 150 million intrusion attempts occur every day. What's more, this research documented 40 million spam and phishing attacks, along with over 3,000 new vulnerabilities found in businesses of all sizes. One of these threats, Trojan horses—which give hackers remote access to computer systems—appears to be becoming more prevalent, Holden says. "Trojans can be delivered in a variety of ways—it's not just attachments in e-mail anymore," he says. "They really are trying to fool anyone into clicking on something and being redirected many times to a malicious site."

The attack surface becomes a bigger target
Statistics about the increase in malicious Web links are part of a larger trend. According to X-Force research, over half of all vulnerabilities involve Web applications and can be found in the ways we access the Internet.

"On a day-to-day basis everyone generally uses three things: telephone, e-mail and Web browser," Holden says. "Many times you access your e-mail through your Web browser. Many times you have your Web browser and e-mail on your phone. These kinds of applications reach across to every single one of us, and that is a very, very attractive target."

As the world's systems become more interconnected and smarter, new possibilities for progress open up. Unfortunately, so do more opportunities for cyber criminals to exploit. All the activity on the Internet makes it an attractive target, or what security experts call an attack surface. As Holden explains, "Hackers can subscribe to RSS feeds just like any of us can and really do market research that leads them to a larger attack surface and a larger audience for them to attack. They have really been able to mature their own processes."

This maturity does not bode well for unprepared companies. "Looking at 2010, social networks and social engineering are really going to come together," Holden explains. "Attackers get a pretty good return by simply tricking people. So it's not always about doing something malicious. If they [hackers] can social engineer someone into clicking on something malicious or opening something malicious, that also provides a very good return for them."

Defending against a possible attack requires that companies get savvier about identifying, assessing and monitoring risk in order to mitigate the impact of security-related incidents, and that means adopting a proactive approach to security across all the layers of the business.

Proactive approach saves money in the long term
Fortunately, most security threats can usually be prevented with traditional perimeter defenses like firewalls and virus scans along with internal protections, such as intrusion prevention technologies and security software. As Holden recommends, "You have to think about bringing multiple technologies together so that you can tackle these threats."

"It's a whole lot better to be proactive and invest than it is to be reactive and lose money," Holden advises. "Put yourself in a position where you're blocking attacks rather than reacting to an infection." Implementing tools and technologies to manage and automate security elements can save time and effort. This helps companies work smarter by enabling them to pursue initiatives that drive growth, rather than remediate the effects of malware.

Being proactive takes a commitment to improving processes and systems. Going about these improvements can start with identity and access management policies, Holden says. "Whether the end user likes it or not, when there is more policy enforcement, you do cut down your risk," he says. "And security is about risk management." And with this commitment in place, companies can safeguard information vital to becoming more agile in a fast-changing global marketplace.

Holden also says that security solutions should provide both visibility into threats and automated ways to prevent these intrusions. This not only reduces cost and complexity, but also goes a long way toward saving time and effort so internal IT staff can work smarter rather than harder. Some of the solutions Holden suggests midsized businesses consider working on include URL filtering, network scanners, intrusion prevention technologies and application security systems.

Staying current secures the future
Looking toward the future, security will continue to be a bad news/good news scenario. While attack surfaces will tempt cyber criminals, these surfaces can be protected. "The problem, of course, is that the infrastructure is changing," Holden observes. "So when we start to use things like wireless and VPNs, attackers are going to follow us there. Organizations have to be ready where attackers might be chasing them."