
With security threats coming from all directions nowadays, Costin Raiu offers his advice on how organisations can protect themselves.
The beginning of the year was marked by a number of notable incidents. First of all, the targeted attack against Google and 30 other large US companies marked what I believe will be a notable trend - cybercriminals focusing on high precision targeted attacks, with great potential for financial gain. Secondly, we see P2P applications spiking as a source of malware and infections for users, so I believe that will continue throughout the year. Finally, this year will be marked by serious efforts from companies such as Adobe trying to close the huge gaps in their products, such as Adobe Reader.
A good security strategy and implementation policy is a key survival factor in today's cyberworld. The emphasis is on 'good' here because there can be different levels when implementing a security strategy, balancing usability with strength of protection. A few key points include correct access permissions in the local network (make sure that rights to change files are granted on a per-need basis) and logs for Internet access. Proxying all outgoing connections through a proxy with authentication has been found to be a good solution. This seems to take care of many Trojan-Spy programs that are designed to steal passwords and other confidential data.
There are certain important steps that can limit the number of attacks and threats that come from using social networking sites. In general, people should not post private details such as home address or other information that can be used in password recovery forms. Also, we should avoid publishing too much private information and make sure that we limit the number of people that can see it. A good practice is 'friends of friends', a better one is 'only friends'. Make sure that the information seen by random users is very limited, for instance, just name and city. Lastly, be sure of whom you befriend on social networks. A good practice is to only accept friend requests from people you've met in person. A better one is to only accept friend requests from people you've met in person at least twice.
Cloud computing can really make a difference when it comes to stopping new attacks, so it is important that security suites do take advantage of this technology. However, they are not the final solution to all problems. It is important for managers to understand that cloud computing and in-the-cloud security are just parts of the security chain and must be complemented by the measures detailed in the previous point. In general, we see attacks against all kinds of enterprises - big, medium and small. As long as they have important information that can be turned into money, they are targets.
In the case of a successful attack, losses can include damaged image, loss of intellectual property, data loss and direct financial loss. The attack process itself can then include blackmailing or other threats. Facebook and Twitter are actively used by cybercriminals as infection vectors. Kido, one of the most widespread pieces of malware of all time, did not take advantage of Facebook or Twitter to spread. Yet, there are cases of malware that uses social engineering in the process, and these are very serious and hard to remove.
Promising technologies have appeared over the years which could turn the tide in this never-ending battle between security companies and cybercriminals. In-the-cloud security is here and it is an important development in the battle, as it greatly enhances reaction speed - delivering faster protection while obtaining true feedback on the effects of new detection algorithms. Furthermore, virtualisation and sandboxing are shaping the industry, allowing for better isolation of malicious software - limiting damage. Whitelisting is another, as it makes sure that only programs from known sources have access to the system. I think the changes in the threat landscape will closely mimic these developments, while at the same time taking advantage of the weakest link in the security chain: the human mind.
Costin Raiu has over nine years' experience in antivirus research and technology development. He is a member of the Virus Bulletin Technical Advisory Board and CARO. Raiu also provides his services as an incident reporter to The Wildlist Organization International and has published extensively on data security and computer viruses. He joined Kaspersky Lab in 2000.