Throwing away the key

Wayne Hull, general manager for Cisco UAE takes a look back at the security issues that have shaped the IT landscape this year

Tags: Cisco Systems IncorporatedUnited Arab Emirates
  • E-Mail
Throwing away the key Wayne Hull, CEO Cisco UAE: "The recession has created new moneymaking opportunities for at least one group of ‘entrepreneurs'— identity thieves".
By  Julian Pletts Published  November 24, 2009

The recession has created new moneymaking opportunities for at least one group of ‘entrepreneurs': identity thieves. As predicted in the Cisco 2008 Annual Security Report, spam, phishing, and text message scams are on the rise and growing in sophistication. Many of these campaigns are designed and deployed for the purpose of stealing identities to open new financial accounts or misuse existing ones.

Of even greater concern is the role that ‘carding' - large-scale theft of credit card account numbers and other financial information - plays in funding terrorism and drug trafficking. According to a recent US Department of Justice report, Data Breaches: What the Underground World of Carding Reveals, the "connection between identity theft - in particular as it relates to obtaining fraudulent identification documents - and terrorism is well established. In addition, links to drug traffickers engaging in identity theft for purposes of funding drug addictions is also well known."

When it comes to IT security what areas or dangers has the Middle East market yet to properly address?

This environment has driven the need for true security solutions on a global scale.  For some time, products have been called solutions, often misrepresenting the term as products alone are not solutions.  If a worm was the threat you were concerned about, you might deploy an intrusion prevention system to stop the propagation of the worm, the single product may successfully address this problem. 

The security challenges faced today require a solution not just a product.  For instance to meet compliance requirements, or in this case PCI, there are 12 specific requirements that must be addressed, requiring a system or solution and not a single product.  For the increasing problem of data loss, information may leave the enterprise through many different points - user PC storage media, email, backup media and malware.

A system or solution is needed to address data leakage and the many aspects of how and where leakage may occur.  The same holds true for malware.  Malware is often shared or propagated through a multi-step process, email used to deliver an initial attempt to begin malware installation, followed by links it efforts to drive traffic to a malware hosting site, and subsequent activities across the network or on an endpoint that may carry out the attack, such as connecting systems to a botnet, loading trojans on endpoints for key logging or data capture, or sending intellectual property or critical information outside the organisation. 

This all highlights the need for a systems approach that can streamline IT Risk Management for security and compliance.

How do you feel the security market will shape up in the year to come? What will be the most significant technological developments? Are there any new dangers that look set to be a part of 2010 considerations? What are the essentials?

Cybercrime, fuelled by the global recession, is costing global businesses and individuals billions of dollars, according to recent industry estimates. It is a complicated world, with players big and small, organised and fringe, sharing a common desire to secure their own profits.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code