SA companies are not prepared for the next wave of threats
Friday, 15 July 2005
According to the Information Security User Group of Southern Africa (ISGSA), the growing sophistication of malware (malicious software) still positions viruses, worms and spyware at the top of the list of security concerns.
"But there are other threats which many SA companies are totally unprepared for," the organisation adds.
Craig Rosewarne, chairman of the ISGSA, says that many companies deploy firewalls and anti-virus (AV) protection, believing that this will serve as adequate protection. "Of course these are vital, but effective only up to a point," he says.
"Firewalls do their best to only allow legitimate traffic into a company, but, unfortunately, malicious traffic still gets through. Newer worms also still get past many versions of anti-virus software. The Sober.P worm, for example, uses a refined mechanism for blocking input/output access to its files by other programs, preventing anti-virus scanners from detecting it."
Linked to this main threat is the problem of patching and updating of business and system applications. Rosewarne says many of the interviewed companies had complaints about the time and logistics associated with protecting systems. Even after their automated systems told them that all systems were secure, a physical audit revealed otherwise.
If firewalls and AV software only offer adequate protection against what they were created to defend, what about other threats outside of their defences? They offer little or no protection against:
Targeted attacks against companies
The list of companies falling prey to organised crime syndicates is growing by the day. Competition is hotting up between these criminals, and they are on the lookout for new untapped markets. So far it has been mainly large financial or e-commerce companies that have been hit, but medium-sized companies are next, Rosewarne adds. Although they may not offer as great a reward, they are a far softer target, with little or no defence in place.
Instant messaging
New worms propagated through Instant Messaging systems have significantly affected both work and home users. The level of sophistication amongst malicious coders has even seen users merely mousing over a hyperlink to activate the worm - many of which mutate and can even change the kernel of the operating system.
Internal threats
It is all very well spending money to protect your network from outside attack, but what about threats from the inside? There is a growing threat to companies from disgruntled ex-employees causing disruption, or committing intellectual theft. The internal threat has also escalated, as more companies employ contractors - many of whom are granted similar access to full-time employees. What is to stop a person from walking out of the door with all your confidential information on his memory stick or cell phone?
Wireless networks
Despite companies reading about the dangers of running unprotected WLANs, the majority of companies are still totally careless in this regard. "Take a drive along the N1 or into Sandton with a wireless laptop running scanning software, and you will be horrified at the results," says Rosewarne. Large listed companies often run no encryption, display their SSIDs, and broadcast in bridge mode hundreds of metres outside their building. They may as well run a network cable out into the street.
Local businesses have to place more of an emphasis on IT security, he says; simply hoping that you are not under threat is not going to help anymore.
"We urge companies to, at the very least, conduct a security audit to determine their level of security risk. Security need not be costly, and there is a wealth of free open source intrusion detection, patch management, vulnerability assessment, event correlation and spam filtering available, which can be deployed quickly and cost-effectively," he concludes.