The surfacing of high bandwidth wireless devices has made a firm impression
in the market but has also lead to security becoming more complex.
In 2008, security attacks online were rampant despite Web filtering services
by leading security vendors. As per a Websense report, fraudsters have been
constantly improving their underground ecosystems and adopting different attack
strategies to target unsuspecting users.
From the fraudsters' perspective, the attack goes beyond registering fake
accounts or email addresses, sending mass emails over the Internet, infecting
thousands of user machines, or stealing information. It also involves switching
things with a combination of different tactics and a goal to target others users
over different areas of the Internet.
The problem is further supplemented by the fact that people are getting more
mobile. The security landscape is being affected by rapid changes in the way
people work and collaborate. The attacks are small and sophisticated and include
service-level and application-targeted attacks, DNS poisoning, and route
hijacking. The proliferation of botnets and the damage they can inflict on the
network infrastructure will continue to be common.
In the future data-centric mobile devices could become a major target for
virus writers and hackers, as well as pose enormous amount of risk to data
confidentiality. Lost or stolen devices can jeopardize confidential business
data, compliance efforts and reputation. Moreover, as per industry analysis,
businesses suffer from the costs of downtime, leaked data, infections, lost
employee productivity, and cleanup.
![]() |
It's in the Air
In the recent years, the shift from wireline to wireless networks has sharpened
the way enterprises approach their end goals. And with this growth information
is going to be more and more susceptible to attacks. Earlier, telecom networks
were more service centric, closed and had a propitiatory architecture approach.
However, with the emergence of networks such as 3G and WiMax, it is going to be
more open with more external exposure and customer control.
The growth of remote workforce is resulting in the progression of VPN and
wireless based networks. According to experts, there are several infrastructure
issues related to such networks and the demand from enterprises is revolving
around them. Also, data speeds while using data cards is not up to the mark and
there are various security challenges associated with networks based on 3G and
WiMax.
An annual survey by Arbor Networks indicates a 67% increase in scale of
attacks over the last year. The largest sustained DDoS attack in 2008 was 40
Gbps, or 2.5x the size of the largest attack reported last year and 100-fold
increase versus 2001.
As per industry forecast, 2009 could see dramatic increase in the volumes of
spam, phishing and malware attacks targeted at companies.
As much as 90% of all infected Web pages are from legitimate sites. This
trend creates several challenges for enterprises. Network admission control (NAC)
and application security are two significant areas in network security that need
to be considered.
As per an analysis of nearly 430 mn email messages in 2008 by Trust Layer
Mail, the clean mail managed service from Panda Security, only 8.4% of emails
that reach companies are legitimate. Some 89.9% of messages are spam, while
1.11% was infected with some malware.
In terms of new solutions UTM (unified threat management) can be considered
as the most recent trend in this space. Some organizations are also using
biometrics, including fingerprints and iris scans, to authenticate users. In
addition, the future of networking security will be governed by binding user
identity with security because the individual user has emerged as the weakest
link in the security chain
Experts panel | |
Amuleek Bijral, country manager, India & SAARC, RSA, Security |
Growing Concerns
Security concerns have risen to a new level altogether. It is no longer about
handling malware threats. Many organizations report financial losses due to
security breaches resulting in business losses, making security a top concern.
Despite being a security blind spot for many organizations, network devices are
at risk too. It is a requisite for organizations to not only upgrade their
networks once a year but also to set security policies which protect all
important assets, and make their implementation automated and straightforward.
It is imperative for a CTO to analyze if security can be one of the core
competences within the organization. This means looking at IT staffing issues
for security management. Further, a CTO/CIO should equate the related investment
and operating expenses to the internal management in comparison to outsourcing
their security.
It is also mandatory that both the staff and team of experts have an
understanding of various threats and counter measures along with a fair
knowledge of the efficacy and limitations of different tools available in the
market to deal with them. Consensus from the top management and participation of
users at each level is very important in implementing effective security.
Buzzing Trends and Challenges |
|
The Need to Change
While it is always expected from the vendor community to bring new and
innovative solutions to safeguard the interests of enterprises, the onus also
lies on the organizations to change the way they look into their security needs.
It is also very crucial for the government to implement policies that help
enterprises to achieve meaningful security measures rather than mere regulatory
compliance.
In addition, the realization and increasing awareness of security will
definitely create a demand and shall consequently be the driving force for this
industry. It must however be remembered that growth can only be sustained if
these issues are addressed and security has to be part of the way we conduct
business.
Jatinder Singh
jatinders@cybermedia.co.in