Going to war on the IT security battlefield

With Symantec's recent announcement that anti-virus technology is on the path to oblivion, system managers will need to have a better understanding of how threats are evolving.

Threats are constantly evolving - some faster than others. Take, for example, today's threat landscape: an ever-mutating cacophony of bad code, designed to penetrate the most secure environments using multi-pronged attacks.

It is the nature of those unified threats that is forcing a rapid re-engineering of security technologies. Simply put, the network edge has become a battlefield and IT is at war. However, like any battle, success comes from intelligence - identifying and understanding the enemy's capabilities, motives and, most importantly, their tactics.

Today's cyberthreats have changed focus from those in the past, taking on a more targeted persona, with the ultimate goal of financial gain, in one form or another. Whether threats come in the form of identity theft, corporate espionage or data theft is not the key point today - all of those elements (and many others) are under attack, forcing organizations and individuals to innovate new protection schemes to keep data and intellectual property secure.

The key to avoiding today's (and tomorrow's) threats is to act proactively - in other words, remain at least one step ahead of those distributing malware and participating in data theft or corruption. However, proactivity can be hard to achieve, especially if management lacks the proper tools, knowledge and, most importantly, the partnerships with vendors, service providers and security experts.

Prioritizing threats

Partnering with the right service providers and vendors allows a business to benefit from knowledge derived from the current threat landscape and allows managers to place priority on the appropriate protection schemes and technologies. What's more, those partnerships can deliver insight into compliance and other security-driven practices, helping organizations to maintain compliance and meet auditing objectives.

However, partnerships can only deliver so much insight, requiring that effective tools are deployed - ones that can consolidate and unify security management in a proactive fashion. For true protection, it takes a platform that can report on the current threat landscape, identify trends and offer predictions that can fuel remediation, before a threat is encountered. The first step to achieving security nirvana comes in the form of completely understanding the threat landscape.

Today's threat landscape consists of more targeted attacks, especially when it comes to spam. Recent research from Cisco shows that the volume of spam is falling, yet sophistication is increasing and moving toward more targeted, shorter runs, which are "based on world events and particular subsets of users." Adding detail to this trend, Cisco notes that India remains the main source of spam, with the US moving from sixth to second; spam drops by 25% over the weekends (most likely because targets don't check email as frequently); and 79% of spam is in English. Cisco also notes that spammers have moved away from malicious attachments toward malicious links, with only 3% of spam carrying an attachment.

Mobile malware increasing

Another trend is the increase in mobile malware, which grew by 2,577% during 2012. According to Cisco, Android is the most targeted (95%). But that still represents only 0.5% of all malware encounters, meaning that the malware aspect of the mobile threat should not be over-hyped.

However, one must take into account the growing trend of BYOD (Bring Your Own Device), which magnifies the mobile malware threat. Taken together with the evolving cybercrime landscape, mobile devices may very well become the preferred choice for intrusions into corporate resources. That observation is most troubling, especially as the cybercrime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems which routinely evade present-day security controls.

That in turn has created an entire underground economy, which has been built for the purpose of stealing, packaging, and reselling electronic information. What's more, cyber criminals have expanded their reach into other forms of information theft and are now selling access to private networks.

Combating those threats (and many others) has become a major chore for most organizations, one that is unlikely to let up anytime soon. However, regular research and understanding the dangers of the cyberthreat terrain should prove to be beneficial allies in the war against cyber attacks. IT managers, administrators and other stakeholders can turn to informative sources, such as several security organizations and security product vendors, to better understand the threat landscape and derive proactive plans for combating threats.