That security threats remain a top concern among data center managers comes as little surprise. What might surprise some, however, is that the threat landscape has been dramatically altered in recent years, such that the average worm proves nearly laughable compared to the more devious threats facing enterprises today.
"In 2007, I expect that we will see the current threat trends continue—namely the move by criminals away from large-scale cyber attacks in favor of more targeted attacks, with a specific focus on stealing confidential information for financial gain via identity theft and even extortion," says Ron O'Brien, senior security analyst with Sophos (www.Processor.com/Sophos1).
A recent report by Computer Economics (www.computereconomics.com) discovered that insider misuse and unauthorized access by insiders rank as the highest security concerns among IT professionals, with spam, malware, and unauthorized access by outsiders following closely behind. The report also noted that other concerns are somewhat prevalent, including physical loss or theft, electronic fraud, and denial-of-service attacks. While extortion ranked last in the study's list of security concerns, Computer Economics noted that enterprises are likely to underreport occurrences of extortion to avoid the inevitable publicity.
Threats Follow Data
Richard JB Campbell, founder and CEO of Securiant (www.securiant.com), says the top threats facing data centers today ultimately emerge from data convergence, flaws in authorized channels and business procedures, data in transit, and insider access. These occur not only within large enterprises but also in small to midsized enterprises that either house their own data centers or colocate them externally.
"With the power of the network and how networking technologies are leveraged today, wide sets of data are brought together and housed in databases which reside in the data center," Campbell says. "This includes passwords, email, voicemail, etc. With so much data converging and being stored on the same platform and in one place, a lot more harm can be unleashed if the data [or] data center is compromised."
When compromised, data naturally stands to be lost, and it's this potential for loss—whether through malicious or other means—that represents the biggest threat to data centers today, says Mark Campbell, product marketing manager at PGP (www.pgp.com). "Loss of data, regardless of intent, automatically triggers legal breach notification requirements in the case of unprotected information," he says. "Such incidents also raise doubt about the organization's ability to protect sensitive customer information and intellectual property."
Increasingly, threats spawn from holes in existing channels that were previously considered secure. Securiant's Campbell says, "As thieves are focusing less on technology and more on compromising existing authorized channels, today's security technology is, for the most part, reactive and therefore only part of the solution."
Those same authorized channels that can be compromised by outsiders also can be used by insiders to gain access to sensitive data. As technology grants employees ever more powerful and flexible methods to access company data, the temptation continues to rise for employees to take advantage of that data for their own criminal gain.
"It's the same old story: In espionage, it's much harder to plant a spy within a company or government agency than it is to find someone who is weak and turn them into a mole, with or without their knowledge and cooperation," Securiant's Campbell says. "It's always much simpler to leverage trusted, authorized users to compromise systems."
In many cases, insiders aren't necessarily acting with malicious intent, but their sloppy actions invite criminal behavior. "The insider channel is the most important threat channel today," O'Brien says. "This may consist of deliberate misuse of resources, unauthorized access, or even accidental misuse. Poorly protected PCs and insecure behavior by end users—such as responding to spam and Web-based threats—expose those PCs to the risk of infection, allowing the PCs to come under the control of criminals."
Industry research, according to PGP's Campbell, shows that internal documents and spreadsheets represent the largest sources of data leakage. Further, employees unfamiliar with security procedures are apt to compromise data. For example, Campbell points to the recent Veterans Affairs data loss, in which a data analyst at the agency took home a laptop containing unencrypted information on 26.5 million people. The laptop was subsequently stolen during a burglary of the analyst's home.
From All Angles
While today's threat landscape looks far different from that of years past, tried-and-true threats such as viruses, worms, and Trojans remain. But these, too, have evolved over the years to circumvent similarly evolving detection techniques.
"Malicious software authors today are attempting to use malware in a more covert manner as a means to evade detection," O'Brien says. "Traditional malware, such as viruses and worms, are now outnumbered by Trojans, which aim to take control of a PC. Also, as corporations deploy more security tools—like firewalls and authentication—to protect certain aspects of the data center, then the threats move to newer and less-protected aspects, in particular compromising endpoint PCs as a channel into the data center."
Although we now rarely see widespread worm attacks similar to those that regularly seized headlines years ago, enterprises remain at heavy risk. Security experts tend to agree that while many companies put forth valiant efforts to secure their data, the sheer number and efficiency of today's threats mean that these same companies will never be truly secure.
"I think the bad guys can shoot us any time they want," says Roger Thompson, CTO of Exploit Prevention Labs (www.explabs.com). "The only reason we're not seeing big outbreaks anymore is that it's counterproductive to them. They can't manage a huge number of [owned] machines. They don't want to cut down the apple tree, [but] just shake it every now and then and pick up the fruit that falls off."
by Christian Perry
The 12 Top IT Threats
In a report titled "Trends in IT Security Threats: 2007," Computer Economics analyzed the 12 primary categories of computer security threats. The threats include:
Malware: Infection of the organization's systems or network by viruses, worms, Trojans, adware, or spyware
Phishing: Impersonation of the organization through email or electronic means in an attempt to obtain confidential information
Pharming: Diversion of Internet traffic to an imposter site by means of DNS poisoning or browser address bar attack in an attempt to obtain confidential information
Spam: Unsolicited or unwanted email messages
Denial-of-service: Attempts to overwhelm or overload the organization's network or system resources with the intent to degrade their performance or make them unavailable
Unauthorized access by outsiders: Unauthorized access or use of systems or the network by outsiders
Vandalism/sabotage: Defacement, destruction, or other damage to the organization's systems, network, or Web site
Extortion: Demands for money or other concessions based on threats to use electronic means to harm the organization's network, systems, or reputations
Fraudulent transactions: Fraudulent electronic transactions that result in financial loss or damage to the organization or its customers
Physical loss: Physical loss or theft of computer, storage media, or other devices and any associated data
Unauthorized access by insiders: Successful access by insiders to system functions or information for which they are not authorized
Insider misuse: Violation of the organization's policies regarding acceptable use of computing/network resources
SOURCE: COMPUTER ECONOMICS, 2007