Companies need to protect application layer says Paladion
Paladion Networks says organisations still focused on network perimeter defence
Cyber crime attacks are increasingly focusing on the application layer, although organisations are still focused on protecting the perimeter, according to information risk management provider Paladion Networks.
The company has released its Threat Intelligence Report 2011, which takes data from 260 Paladion customers in the Middle East, India and South East Asia. The report shows that over half of all attacks are now focused on the application layer, but that just 2% monitor applications as a source of security events. The majority of companies are still focused on network infrastructure and the perimeter in terms of monitoring and protection.
Paladion said it had seen an overall decline in phishing attacks against banks in the region, and that also the speed to take down phishing attacks had improved. Phishing attacks predominantly come through the US.
Rajat Mohanty, CEO, Paladion Networks: "Our conclusions are based on first-hand experience of working in the Middle East with local and multi-national companies from various industry sectors. As revealed in the report, the InfoSecurity threat landscape within enterprises is shifting with changing times and the measures to deal with them are expanding. Overall, while threats are getting more financially motivated and targeted on applications, organizations have lower level of monitoring and higher vulnerabilities on application level which also stay open for much longer compared to network level."
Firosh Ummer, Executive Director, Paladion Networks (UAE) further added: "Phishing as an attack form has gone down in the region last year. On an average, a bank would have faced around 400-500 phishing incidents last year and the average victim per attack was around 10-15 end consumers. While monetary losses from phishing can be absorbed by the banks, the impact on reputation and customer trust is higher."
He said: "Given the dominance of certain geographies in attack sources, a differentiated security monitoring strategy with geo-mapping tools can be of value to organizations. Also, as Phishing as a threat is reducing its fizz, there is likely to be some other forms of attack to replace Phishing in near future, and financial institutions in the region have to gear up other fraud management measures to protect Internet and ATM channels."