News > Business

By Staff, ZDNet Asia
Friday, March 14, 2008 06:39 PM

Patrik Runald, security response manager, F-Secure Security Labs

	Patrik Runald, F-Secure
	To overcome increasingly sophisticated security solutions implemented by financial institutions/users, cyber criminals are continuously refining their techniques, especially through social engineering tactics, to improve their rates of success.

Q. What do you remember as the biggest industry news for 2007, and why?
Runald: The biggest industry news for 2007 is the exponential growth in the volume of malicious software. In fact, F-Secure detected a quarter million new malware in 2007, and this figure is almost equivalent to that of the previous 20 years combined. This massive increase in volume can be attributed towards variants of existing malware and techniques that were refined and adapted for greater effectiveness by malware authors.

A good example of this is the evolution of botnets, especially the "Storm" worm which is the largest-ever P2P (peer-to-peer) botnet that mankind has ever seen. With starter kits and technical support becoming widely accessible today, it is becoming increasingly easy for cyber criminals to create or modify these botnets, greatly encouraging the proliferation of such malware.

Name three hot technologies to watch in 2008.
In the security space, we foresee three upcoming security threats in 2008. First is the new techniques applied in banking Trojans such as "man-in-the-browser" attacks.

The second is Trojan password-stealers, specifically those that target popular online games.

The third is enhanced social engineering tactics used to launch bulk targeted attacks via spam with the increased availability and accessibility of personal information posted on social networking Web sites.

Motivated by financial incentives, cyber criminals are constantly looking out for ways to steal personal and banking data of Web users. To overcome increasingly sophisticated security solutions implemented by financial institutions/users, cyber criminals are continuously refining their techniques, especially through social engineering tactics, to improve their rates of success.

Name up to three security trends that IT heads should look out for in 2008.
The first is database breaches. There are massive amounts of personal data vulnerable to theft stored in databases worldwide and reports of database breaches and data losses are becoming routine. Examples of these incidents include TJX Companies exposing credit card numbers and transaction details and HM Revenue & Customs (HMRC) losing 25 million names, addresses and national insurance numbers.

Cyber criminals often make use of this stolen information to commit ID theft or mass targeted attacks and mass spear phishing. By making use of this information to enhance their social engineering tactics, users often lower their guard and expose themselves to phishing, backdoors and Trojans and compromising their organizations' security systems.

The second is Web exploits. As "spray and pray" spam waves decrease in effectiveness, there is an increase in Web based security threats. This is further fueled by the increasing availability of ready-made kits for vulnerabilities that target Windows, Internet Explorer, QuickTime, Real Player and WinZip.

The third is mobile security. Increasingly, employees are making use of mobile devices such as smartphones to work while traveling. More often than not, these devices are not equipped with adequate security solutions against malware such as spy tools. This, in turn, gives rise to the possibility of information and data leaks.

The biggest challenge facing IT departments is...
... Ensuring that the organizations' systems are secure against the growing volume and complexity of threats while promoting business productivity. In this aspect, organizations can explore investing in a comprehensive integrated security solution or adopting Security as a Service where security solutions are provided for by their local Internet Service Providers (ISPs).

This will enable end-users and organizations, especially SMBs, to be able to focus on improving business productivity and effectiveness without having to worry about security-related issues.

Talkback 0 comments

• Service Delivery Project Manager
• IT and Telecommunications Jobs Australia Service Delivery Manager SDM Itil Project Consultant
• Service Delivery Manager, IT, Financial Reporting (sd4)
• Service Delivery Manager SO Gsdc
• Technical / Service Delivery Analyst Circa $60,000 Package

Search for your ideal tech job:

TechGuides

Replicating your infrastructure in a lab

Learn two ways to replicate your current environment for testing and evaluation of new server platforms.

Read more »

Latest from Blog Central

What's the Indian definition of privacy?

Read more »

What's important from our sponsors

Webcast: Maximizing Data Protection with Disk-Based Backup

Please register now to attend the webcast as guest speaker Noemi Greyzdorf of IDC explains why protecting data is critical to your business

Receive a complimentary copy of the IDC Analyst Connection when you sign up

Cutting-edge technology from premium sponsors

HP Simply StorageWorks D2D Backup System

Explore this disk-to-disk backup system that is fully automated and provides reliable data protection for your business.