BANGALORE, INDIA: Only over the last one year, 286 million distinct malicious programs were unleashed by attackers, says the latest Internet Security Threat Report (ISTR) by anti-virus and anti-spyware products company Symantec.
When not even one day passes without a major hacking news break, this might not come as a surprise to many. It would naturally seem the order of the day, even as various organizations and government agencies are scrambling across to secure their networks.
But, when the threat proposition is simplified to nine new threats every passing second of last year, the enormity of the situation somehow gets blown up. Contrastingly, there were only 2.5 lakh threats by January 2007, the report said.
Also read: Google + a gateway for malicious authors?
“Over the last decade, the numbers are steadily increasing. External attacks are a significant threat in the enterprise security landscape today. Attackers are becoming increasingly sophisticated, stealthy and targeted, and their primary motive is financial gain by compromising confidential information,” said Anand Naik, director, Technology Sales, India SAARC, Symantec.
The ISTR XVI has also revealed that data breaches caused by hacking resulted in the exposure of 260,000 identities on an average, which was nearly four times that of any other cause. At any time, three of the top-10 search terms have malicious URLs in the results and upto 68 per cent of the links could be malicious, said the study.
Also read: Oracle, other companies “punkd” in hacking contes
According to Naik, the way security is being looked at is changing dramatically, from the point of view of enterprises in particular.
“Businesses today encourage use of digital and mobile devices such as laptops, smartphones and tablets to enable productivity and access to information from anywhere. If this information is not managed and secured properly, it can provide a window for attackers to exploit,” he explained.
Hence, while new trends such as cloud computing and virtualization are enabling mobility, they also create new security and management challenges.
Symantec’s State of Enterprise Security Survey 2010 revealed that 54 per cent of Indian enterprises felt that external attacks were growing, 42 per cent were worried about internal malicious attacks and 52 per cent about the rise in instances of internal unintentional data loss.
Also read: ‘Hackers can attack Android’
“The threat is evolving from a mass attack model to that of a targeted attack (micro distribution), which is not necessarily an Advanced Persistent Threat (APT),” said Naik, who added that the ability to research a target online through social media had enabled hackers to create powerful social engineering attacks that could easily fool even sophisticated users.
One of the recent trends, observed Naik, is the increasing number of APT. “These are threats that penetrate the victim’s network and stay in hiding until instructed to perform malicious tasks. Very often, the infected enterprise will not even be aware of the fact that their security has been breached,” he explained.
The approach to guard against these attacks and secure the networks should be holistic – risk-based, policy-driven, information-centric, actionable intelligence and well-managed infrastructure. “While application control is critical, environment protection needs to be simple,” suggested Nair.
In real-world tests, Symantec was 98.1 per cent efficient and proved to be much better than its competitors, he claimed, adding that it was the most effective in remediation as well.
In scan speed and memory usage, too, Symantec Endpoint Protection 12 (SEP 12) outclassed all its rivals, said Nair. “SEP 12 uses 66 per cent less memory than McAfee and 76 per cent less than Microsoft,” he reckoned.
Article source: http://www.ciol.com/Security/Enterprise-Security/News-Reports/286-mn-malicious-attacks-in-2010-Report/153448/0/
View full post on National Cyber Security » Spyware/ Cyber Snooping
