If you’ve been around IT for a while, you may look back longingly at the time when IT security was, well, a whole lot simpler than it is now. The notion of hackers as pimply teenagers, using their precocious skills to find their way into government systems for the bragging rights, is long outdated.
Today, organised cyber-crime is big business, and the dangers are as likely to reside within your organisation as outside it. That is not to say that your staff are all hiding Mafia links, of course. One of the biggest challenges preoccupying today’s IT security specialists, though, is the possibility that colleagues might be unwittingly ushering in some unwelcome guests on their mobile devices.
Australia’s big four banks were among financial organisations around the world that were recently targeted by malware hiding on infected Android devices. The malware was designed to harvest login and password details, and even to intercept security codes sent by SMS to the devices. In this case, malware appears to have been hidden in an app imitating Adobe Flash Player, downloaded from infected websites. Not surprisingly, the banks put enormous effort into keeping their customers’ transactions safe, because they are constantly targeted.
It would be easy to think that such attacks are purely the domain of big name businesses and high-profile government departments, but that would be wrong. When one of the United States’ best known brands was hacked last year, it was not attacked directly but via a smaller business contracted to provide non-technical support services. The smaller business did not see itself as a target for a concerted strike on its systems.
Similarly, while your staff may represent a smaller target in their own right, employees are increasingly being used as a route to bigger rewards in corporate environments. The BYOD trend has many well-documented efficiency and staff satisfaction benefits, but it does change the security landscape. To add to that, customers and business partners are welcomed further into the online environments of those they interact with.
Apps are becoming a favoured method of entry for many cyber-criminals. With a very short development cycle, code is often acquired from code libraries, with the developer unaware that it may contain more than just the function they seek. Being mindful to only acquire apps from trusted sources, such as Google’s Play store or Apples’ App Store, can help to reduce risk, but the right malware defence is still vital. Because of hidden malicious code, it pays never to assume safety. For a small outlay, you can make yourself a whole lot safer.
A positive trend is the way some IT vendors have done a great job of integrating stronger security into their products. This definitely helps. Like with most technology, though, the products are only as good as the design of the overall systems and strategy. Or, in other words, those great new security features will only keep you secure if they are employed correctly, and combined with solid processes and staff training.
Juniper Networks breakthrough security approach uses advanced threat intelligence to stop attacks at the enforcement point. The next generation security services includes firewalls that filter content for viruses, spam and web threats at the network level. According to Juniper, it isn’t good enough to leave content security to the endpoints, which may not get threat updates as frequently.
One of the most important aspects of today’s security solutions is the recognition that not all hazards are on the outside, trying to get in. That doesn’t mean shutting out the whole world – in fact, these days, that would likely hasten the demise of many organisations. It means making sure you are always up-to-date with the latest developments, thoroughly testing your own defences, and reaching out to your staff to help them to stay safe on their own devices.
We’re strong believers in using security as an opportunity to engage more openly with your community and customers. When you find the right mix, it is great to be able to welcome in the right visitors, while firmly closing the door on unwanted online guests.
We love solving tough security challenges! For expert security advice on your security posture or a chat about the latest IT security trends, contact the Comlinx team of friendly IT security experts.