Cybersecurity challenges in 2013

Dmitriy Ayrapetov describes the threats that Dell SonicWALL has identified as the top challenges for companies to prepare for in 2013.

By Dmitriy Ayrapetov, Director, product management, Dell SonicWALL

The issues affecting businesses are similar around the world. The key issues and points of vulnerability center on human engagement, most of it innocent, such as bringing an infected personal mobile device into the corporate network, or clicking on a social media link that looks harmless but hides a Trojan or worm that will secretly steal data and money and, potentially, remain undetected, with severe impact on the security of the infected device.

The major cyber-security challenges to businesses through 2013 will come from:

  • Increase in Exploit Kits
  • Increase in mobile device cyber-security threats
  • Increase in sophistication of threats

Increase in Exploit Kits

Exploit kits represent the dark but massively profitable side of cyber-security attacks. Exploit kits comprise malicious programs. They quickly identify and then attack cyber vulnerabilities and spread malware. Exploit kits are created, sold and rented on the black market. We predict they will be increasingly used because of their ease of deployment (rental model) and the ease and speed of infection they deliver. The impact of these attacks will be felt in loss of data and IP, identity theft, financial fraud and theft, as well as in diminished business productivity and continuity. We expect to see exploit kits targeting Windows 8, Mac OS X and mobile devices, particularly Android-based ones, in 2013, as these three targets represent fast-growing segments used by corporates and consumers alike to transact communications, business and commerce.

The growth of malware will continue at an explosive pace. In 2012, Dell SonicWALL identified nearly 16 million unique malware samples through its GRID (Global Response Intelligent Defense system), compared to 13.5 million in 2011. Already, there are around 44,000 new malware samples every day.

[Figure: Malware attacks over the past 90 days in North America. Source: Dell SonicWALL Global Response Intelligent Defense system]

Increase in mobile cyber-security vulnerability

The adoption of NFC (near field communication) for mobile payment systems makes mobile platforms a very attractive target for financially motivated cybercrime. The increased use of personal devices in businesses, driven by trends like BYOD (bring your own device), creates entirely new cyber-security issues, including loss of company data and IP, financial threats, and non-compliance, to name a few. As social media continues to be adopted universally for personal and business purposes alike, malware will increase dramatically across Facebook, Twitter, and Skype in 2013. This triple threat endangers mobile devices at the point of commerce, through their access to corporate networks and through their access to social media channels. It will be particularly dangerous and become more advanced and prevalent.

Increase in sophistication of cyber-attacks

Last year, we saw cybercriminals abandon older scareware methods such as Fake AV scams and move over to Ransomware scams. We expect to see this continue and become more global and multi-lingual, which also represents a growing threat to Latin America. Ransomware attacks lock down a computer, device, or service and hold all the data hostage, or even threaten court action if the user does not pay. These are very devious attacks that are embedded deep into the computer or device, and it is nearly impossible for an average user to regain control over his own system and data.

The sophistication of attacks and their ability to paralyze websites will continue to grow at a dramatic pace. For example, in 2011 there were 1,596,905 DDoS (distributed denial-of-service) attacks, compared to 120,321,372 in 2012. As businesses of all sizes continue to move services and infrastructure to the cloud, the issue of DDoS will be high on many agendas, as it has the potential to quickly cripple entire cloud infrastructures.

Are the risks different for small and large enterprises?

Viruses, Trojans, worms, and Ransomware do not differentiate between a large and a small business. They represent the same risk, whether you have a large budget or only a very small one to invest in network security. Irrespective of the size of your business, these threats can mean loss of profitability and productivity, loss of data and financial assets, and potentially catastrophic loss of business continuity. Small businesses are probably more likely to fall prey to these attacks, because they do not have the budget, IT infrastructure, or support that a large business can afford. On the other hand, the more people a business employs, the greater the vulnerability of its network.

What steps can a business take to protect itself from cyber-attacks?

The most important step for a business of any size to protect itself from cyber-attacks is to be aware of the most obvious and dangerous variants. Secondly, it is key to educate employees on how to recognize a virus, malware or Trojan and avoid accidentally bringing one into the corporate network. A recent survey by Dell SonicWALL customers shows that 68 percent of all businesses reported that employees cannot identify fraudulent attacks on the corporate network.

It is the dirty little secret of the beautiful world of social networks and mobile device interconnectedness that they are a breeding ground for malware and Internet criminals. Many businesses believe their existing firewalls will protect them from an attack. The reality, however, is that old firewalls pose a serious security risk to organizations today. First-generation firewall technology has become obsolete, as it fails to inspect the data payload of network packets circulated by today's Internet criminals and so fails to protect from attack.

To prepare for and protect against the massive growth in social media, applications, BYOD and multi-media files flowing through a corporate network, entirely new technology is needed. Today's next-generation firewalls include advanced technology such as application intelligence and control, intrusion prevention, malware protection and SSL inspection at multi-gigabit speeds. They are scalable to support the highest-performance networks and protect them effectively from the modern threats every user of email or the Internet encounters on a daily basis.

If an organization does business anywhere on the Internet, it is likely not a question of if, but when, it will be targeted by cyber criminals. While no protection is ever perfect, there is much that a business can do to minimize and deflect the impact of these potential threats. In particular, the IT organization should closely collaborate with the company leadership to identify where vulnerabilities lie, prepare appropriate countermeasures, including advanced high-performance, high-redundancy network security components, and educate employees for the best possible defense and protection of business assets.

2 comments
Michael Kassner

"If an organization does business anywhere on the Internet, it is likely not a question if, but when it will be targeted by cyber criminals." Using "likely" relieves you of the burden of proof, but, I know several companies that live on the internet, have for many years, and have not been targeted.

HAL 9000

The last one disappeared before I got a chance to click on Submit Reply. :_| Anyway Michael, I tend to agree with the Statement. I personally think it's much more likely to be When rather than If you are attacked and a Robbery Attempted. With the advent of Social Diseases err Media these days it's very much a case of so many people using it and not knowing what it is that they are actually doing. Facebook users are so interested in sharing the Color of their Underwear, their Bank Account Details and so on that they as a Group are a very tempting Target and that place's founder firmly believes that to be Totally Safe you should be Totally Open and share everything. It's only when you have nothing to hide that you are safe. I tend to Violently Disagree with that Concept as I believe it's only when you have nothing that someone else may want that you are safe and to me I don't know of any person who falls into that Category. Even the poorest person who uses Publicly supplied Hardware over a Free Public Access Point has things that others may want. Doesn't matter that they have no items that they own, they still have their Internal Organs which there is a very big Black Market in. Even then if their Organs are of no use they have their Identity which others may want to use for Nefarious Purposes and they don't actually need anything at all from that person other than the fact that they once existed. It may even be in the Criminals' Best Interests to Murder and Hide the Body so there can be no reports of Incorrect Transactions. So to put it simply if you have Nothing at all, are supplied Hardware by a Publicly Funded Program and access the Internet over an Open Public Access Point, to be perfectly safe you need to be Dead, Cremated and have your Previous Identity Erased from the Public Records.
Currently I know of No Person who falls into that Category and more importantly if they did they would have no use for that Publicly Funded Access or be able to use it anyway. Generally Speaking Dead People don't need a Net Connection or use it ever. ;) When I read the above I was reminded of the First Denial of Service Attack in AU, possibly the World, where an On Line Bookie was approached with a demand for Payment or they would be taken off the Net. That person Immediately approached their ISP, a very big one in AU, and was told that he had nothing to worry about and that the ISP would protect him. Personally I think it was all Marketing Speak with No Technicians involved at that stage but regardless there was no previous Attack Similar to compare to so those who were advising the Bookie had nothing to compare the Threat against. Anyway when the attack happened the ISP was flat out trying to Protect Itself let alone protecting their Customer who had no hope of staying On Line in a functioning business. The Customer was Hung out to Dry by the ISP who in reality was on the edge of being declared Bankrupt by the actions of the Criminals, who in reality were not interested in the ISP at all. They were simply a Means to an End and nothing more than Collateral Damage in the Initial Attack. Anyway back to the Original Point, with the advent of Social Media and the Belief that to be Perfectly Safe you need to have No Secrets and the complete Lack of Understanding of what it is that these people are actually doing it is now far easier to have someone on the Inside Open a Door for the Criminals to get in and remain Unnoticed. The days of End Users clicking on Links because they are there are not over and if anything things have got far worse as nowadays they no longer need to click on a Link, simply opening a Web Page like this one is more than enough to infect things.
Throwing into that Mix a Bring Your Own Disaster Demand from the staff is just leaving the Door ripped off its Hinges and the Company not only Wide Open but actually Welcoming/Inviting Attack, though those involved in the decision making process may not understand that fact. Centralizing so much of your Data in the Cloud doesn't help either as you are moving the Attack Points to a more Available Location where you as a Business may accidentally be picked up while the Organized Criminals are looking for some thing/one else to attack. You may not even be directly attacked but be nothing more than a Bit Player adversely impacted when your Cloud Provider for whatever gets hit. Any Company who Stores its Data in the Cloud will call it a Disaster if they can not connect to that Cloud when they need to, to access their Data but as yet I'm not sure how they would describe the situation if they were to find out that not only could they not connect reliably but that their Data was constantly being refreshed from Backups on the few occasions when they could get on. It's even possible that all their Data could simply just Disappear without them being directly implicated or targeted in an Attack, but the Cloud Provider is or another company who uses the same Cloud Provider being the subject of the Attack. The Brave New World of Big Computers, Centralized Data Stores and constantly being On Line has a lot to offer some people but it also has a lot of Disadvantages which can adversely impact far more than it actually helps. With the move to the Internet of Things, a Company who makes Medical Equipment like Pace Makers could easily be targeted and Blackmailed by threatening to Turn off the Pacemakers of the users. In a case like that the damage to the company would be devastating but in all likelihood the Government of the country that they are in would step in to protect them, but the results to the people who use that Equipment not only would be Fatal but quite Permanent.
It could be something as simple as End Users Fridges reordering food that needs to be replaced after it is used but as these devices are always connected the Criminals could quite easily Blackmail the Fridge Makers or the Supermarkets into payments or they will send these products crazy ordering things that are not wanted or needed thus giving whoever was the original target the wrath of the End Users and a bad name while also adversely impacting on the end users and their suppliers. It's not hard to believe that a Rash of Fridges reordering items could easily swamp the system and break it even though it was the Fridge Makers who were the original Target of the Attack so many others are adversely impacted. On a much more simple level the Talking Toaster which is Hijacked and constantly asks you do you want it to make you toast sounds like a trivial nuisance but the reality is that with the current Supply Trends just a very small % of the population getting fed up with their Smart Device and destroying it will cause a Total breakdown in the Supply Chain and the inability to supply any number of people with these devices that have been attacked and hence destroyed or rendered Inoperative. Whichever you personally prefer. :D Uncontrolled Technological Advancement while being perceived as Great has the ability to Destroy Society unless the necessary Safe Guards are built in before they go live, but with the speed of advancement today what the dangers actually are, are not known until after they happen in most cases and while they then appear Obvious to everyone after the event, until they actually happen no one gives them a single thought. So today I firmly believe that you are more likely to be Attacked because you are Connected to the Net than you were in the past and the same applies to what were previously Unremarkable Companies who on the surface of things would appear to have no Interest to the Criminals.
Of course as things develop these same people and companies are more likely to be attacked so things are getting progressively worse not better. Col