02 Oct 2012

Criminal, silent and costly

Why new security challenges are forcing businesses to rethink their approach. Whether it’s staff bringing their own devices to work or creating holes in the network using personal Cloud services, the task of securing business networks may never have been harder. Certainly, the landscape is changing fast – so much so that EMC’s Marketing CTO Clive Gold is prepared to declare that the ‘reactive’ way many businesses approach security is no longer valid. “The idea of the organisation as a castle protected by firewalls, anti-virus and other perimeter safeguards is no longer adequate,” says Gold. What’s changed is not only the rise of Cloud and mobile technologies, but also the nature of the external threat. “Four years ago outside trouble often meant kids playing with scripts and executing attacks for bragging rights,” says Sean Kopelke, Director of Symantec Australia’s Strategic Sales Group, “but over the last 18 months there’s been a notable shift towards highly technical attacks executed by organised crime.” Gold agrees, “The threat is now criminal and the motive is profit.” Two things distinguish this new brand of threat. First, the attacks are highly targeted. Second, they’re deceptively quiet. Kopelke says that intruders now focus on obtaining access to networks while staying hidden, siphoning out intellectual and commercial secrets, or credit and identity information which they then seek to exploit or sell. Security by the numbers Statistics from Symantec illustrate how this threat has evolved. 2011 saw an 81% increase in malicious attacks compared to 2010. The number of malware variants increased 41% and web attacks rose by more than a third. While spam email happily decreased from 62 to 42 billion messages a day, perhaps the most concerning observation is what Symantec refers to as the ‘rising tide of advanced targeted attacks’. These are not only a challenge for big business, Kopelke says. Indeed, 18% of advanced attacks were directed at organisations with fewer than 250 staff, and complex attacks were evenly split between SMEs and larger enterprises. “The biggest misconception among small, and even mid-sized, businesses is that they are too insignificant to be worth going after. Clearly, hackers have concluded otherwise.” This post is from the article “Criminal, silent and costly” published in the first edition of The Buzz. To read more, click here: The Buzz Magazine.