Dire predictions

According to Blue Coat's latest release on security threats, enterprises will need to increase security training and best practices among web developers in order to ensure long-term safety.

By  Sathya Mithra Ashok Published  May 25, 2008

Security threats will continue to multiply as thieves and 'ne'er-do-wells' continue to target enterprises and systems for gain. This is according to Blue Coat Systems' recent statement on the top ten security trends of 2008.

"In the last few years, the nature of threats across the internet has changed considerably. A few years ago, there were many instances of virus outbreaks - these were mainly created by people looking to publicise their skill at creating viruses and so wanted to infect as many people as possible and make the virus attack very obvious," says Nigel Hawthorn, VP EMEA marketing at Blue Coat Systems.

"Today, virus-writers haven't gone away, but the threats have changed to have a financial motive and often the aim is to surreptitiously infect the victim's PC and steal valuable information such as banking passwords. In addition, though spam is still annoying, the message or infection carried with the spam is not in the e-mail itself, but in a link that the e-mail tries to persuade the victim to click on. Our top ten security threats for this year clearly demonstrate that you have to keep your wits about you and not trust anything from someone you don't know - if it looks too good to be true, it probably is," adds Hawthorn.

According to Blue Coat, the top threat comes from ill-intentioned hackers who inject mobile malicious code into otherwise reputable sites. Typically, the infections are timed for peak traffic at the site.

The worst part is that visitors don't have to explicitly download any content to have their own machines infected.

Simply browsing or "driving by" sections of these infected sites allows evil scripts to embed themselves in customer PCs and do tremendous damage.

Because these are well-known, reputable sites - some of the most trusted names in online news and commerce - URL-filtering and reputation tools won't block users from visiting them.

Malware infections will spread through widgets in websites and dashboards, and criminals will continue to target laptops harbouring valuable identity-based information.

Not only are online videos becoming channels for attacks, but digital picture frames and memory sticks are prone to attacks as well.

Increased social networking will also introduce new strains of malware to systems while botnets, like the Storm botnet, will be responsible for the bulk of spam and malware infections this year.

In response to some of the identity threats out there, enterprises will increasingly turn to new identity standards, such as OpenID, in order to try to minimise their exposure.

Nevertheless, Blue Coat states that web security will continue to be thwarted by the performance and scalability limitations of most web gateway products, and enterprises will continue to find themselves short-changed by products that promise comprehensive network protection but do not necessarily deliver on performance.

Security training and testing have to become mandatory for web developers in order to increase the reliability of websites. Till then, enterprises will need to be vigilant and ensure implementation of reliable security solutions to stay safe.

Security brief

Security threats still abound and some can be disastrous to company IT infrastructure and corporate data. To better protect your organisation, Blue Coat suggests:

1. Be aware and keep up to date on these threats.

2. Learn how to recognise their format and pattern and watch for them.

3. Educate all members of the IT department and senior managers.

4. Deploy tools to help you protect your data.

5. Do research and look for vendor tools that provide you with not just desktop antivirus protection, but also:

• Distributed application threat monitoring

• Information on employee web browsing activity

• Protection from virus-injected reputable websites

• Filtering to block malicious URLs and code

• Laptop lock down and recovery processes.
