State Of Technology Security: Top 10 Biggest Security Threats
Far and away, the largest percentage of partners -- 39.7 percent -- cited Data Breaches as the biggest security threat facing customers in Everything Channel's State of Technology Survey. Customers are scared of losing critical data -- and they have good reason to be. An updated Ponemon study -- "The Cost of A Data Breach" -- estimated that the average cost of a data breach grew to $202 per record compromised, an increase of 2.5 percent since 2007 ($197 per record). The average total cost per reporting company was more than $6.6 million per breach. For large enterprises, data breaches often constitute an expensive headache. But for midtier and smaller organizations, a data breach may represent the end of business altogether. Meanwhile, this constant threat is underscored by high-profile data breaches, such as the attacks on credit card processor Heartland Payment Systems in January, that are splashed across headlines on what seems like an almost daily basis.
Following as a close second to data breaches was Internal Threats, which 35.9 percent of partners ranked as one of the most serious security threats on the Top 10 list. The increasing "insider threat" is illustrated by the attack on Fannie Mae in January, in which a former engineer at the mortgage finance company allegedly planted a logic bomb that, had it not been discovered, would have shut down the company for at least a week by decimating all 4,000 of its servers, costing the company millions in lost productivity and damages. Internal threats range from losing a laptop or leaving a smartphone in a taxi cab to maliciously sending confidential documents outside an organization or stealing sensitive corporate data for personal gain.
Unbeknownst to many, internal threats constitute the lion's share of security breaches and can be just as costly as external malware attacks. Partners say that as companies are forced to further reduce staff and resources in light of the weakened economy, more disgruntled workers will find ways to seek retribution from their employers, which will often come in the form of taking valuable data, trading company secrets with competitors or pilfering money from the company. (Remember the film "Office Space"?) Meanwhile, companies that conduct massive layoffs will also have to deal with an onslaught of access issues and open accounts that leave the door open to both internal and external attacks.
Social Networking Threats made the Top 10 list for the first time, coming in third place with 34.4 percent of the partner vote. Partners have acknowledged that social networking attacks pose a very real and serious threat. End users have been exposed to countless Trojans, Internet worms and phishing attacks targeting social networking sites such as Facebook and Twitter. Attackers have exploited a wealth of personal and identifying information that users freely share online to commit identity theft crimes. In addition, social networking sites carry with them a strong trust component. Unlike spam attacks, which typically originate from an unfamiliar or suspicious source, social networking attacks often appear to come from someone the user knows and trusts, compelling them to click on infected links or malicious files that ultimately download malware onto their systems.
The market for hackers has also been flung wide open as more businesses utilize social networking sites to promote their business and establish important contacts. And there appears to be no reprieve in sight as the social networking market continues to expand.
Coming in at No. 4 on the list are Trojans and lots of other standard malware. These are the most malicious and frightening types of malware -- mostly due to the fact that they stealthily sit on infected machines -- unbeknownst to the users -- and silently pilfer any and all financial and identifying data, as well as login credentials and other sensitive information. Once acquired, users' data is harvested and stored on illicit Web sites that auction identities to the highest bidder. Many organizations -- especially SMBs and the lower markets -- are abysmally underequipped to deal with the sheer volume and technical sophistication of the latest Trojans and keyloggers. And despite the spate of security threats that have graced the headlines and swept through enterprises, partners say that the majority of end users still remain unaware that they are at risk of attack.
Almost a quarter -- 22.5 percent -- of partners polled said that phishing was a top security threat, putting it at No. 5 on the list. This year, social networking sites such as Facebook and Twitter proved to be fertile ground for attacks that exploit users' trust and familiarity by impersonating friends on contact lists. Facebook users were pummeled with a barrage of phishing attacks that lured them to a fake login site in an attempt to steal login credentials. And, of course, phishers employed their tried-and-true techniques to entice users to click on malicious embedded links, filling users' e-mail inboxes with phony news headlines about President Obama, swine flu and Michael Jackson's death, along with the usual array of tax-time scams and phony donation sites exploiting natural disasters.
Tried and true, viruses ended up as No. 6 on the Top 10 list with 21.1 percent of the channel vote. While viruses have been superseded by more sophisticated threats in recent years, they can still wreak havoc on users' computers. Meanwhile, viruses have new avenues by which to infect users, including USB sticks, P2P networks and infected links. Like other malware, viruses can propagate through a network to infect every contact a user has -- from e-mail to social networking lists. Meanwhile, viruses also continue to plague users in the form of scareware -- fake antivirus software that conducts a bogus scan of a user's system and then promises to eradicate any "malware" -- for a small fee, of course.
Remember Conficker? Well, how could you forget? Which is why 20.6 percent of partners ranked Internet worms as the biggest security threat out there, putting it at No. 7 on the list. Conficker's authors unleashed the notorious worm in October 2008 by exploiting a critical Microsoft vulnerability in the way the Server Service handles RPC requests. Since then, Conficker has infected millions of PCs around the globe, spreading like wildfire on peer-to-peer networks and USB sticks. The most recent variant -- version C -- contained numerous defensive measures designed to evade detection and removal by disabling Windows Automatic Updates and Windows Security Center, along with the ability to block access to several security vendors' Web sites and render numerous antivirus products useless.
The world-renowned worm splashed across every headline last spring when it was set to receive an update with a changed domain generation algorithm that opened up unfettered communication to hundreds of the 50,000 potential newly generated domains. The latest variant also had the ability to contact its command and control centers for further instructions, while circumventing interference from the security community. News of Conficker eventually fizzled under the prolonged global scrutiny and media attention, but the world still waits for another Conficker-like worm to emerge.
They're the men (and women) behind the mask. Organized cybercrime networks power the majority of malware on the Web, and they're not going away any time soon, which is why 20.6 percent of partners ranked them as one of the most serious security threats. Last year, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking as the most lucrative illegal global business, estimated to reap more than $1 trillion annually in illegal profits.
Individuals or groups of hackers loosely tied together with common goals have coalesced into an organized criminal hierarchy and, like a cyber Corleone family, come complete with defined roles and a system of rewards. Underground organizations such as the Russian Business Network, the Gray Pigeons and Honkers Union of China continue to pummel users with phishing attacks, spam campaigns and targeted malware that infect users, steal their personal and financial data and connect them to armies of compromised drone computers known as botnets. As well-funded, well-managed businesses, they are growing at breakneck speed, continuing to evolve with complex ecosystems and technologies that have become increasingly sophisticated and efficient. And like any growing enterprise, they're expanding their reach to smaller but more likely targets: the multitude of underequipped and cash-strapped SMBs and small midtier companies.
Many partners would contend that while still in its infancy, cyberespionage is a rapidly emerging threat, and gaining momentum as a viable tactic that often precipitates cyberwarfare. Consequently, 13.9 percent of partners surveyed ranked cyberespionage as a top security threat. This year alone has seen a copious number of denial-of-service attacks, with an especially damaging DoS campaign targeting South Korea and a slew of U.S. government and corporate Web sites, including those of the White House, Pentagon and New York Stock Exchange. Meanwhile, hackers also targeted a pro-Georgian hacker on the one-year anniversary of Russia's invasion of Georgia by launching a massive denial-of-service attack on Twitter and other blogging sites to which he belonged. Iran protesters also used the micro-blogging site to make political statements by flooding the site with requests in an effort to shut it down. But perhaps the most frightening cyberespionage incident was a suspected attack last April on the U.S. electrical grid by hackers who installed malicious software that could be used to stop power or disrupt the system. And, no doubt, political hacktivism and cyberespionage will likely be a primary political tool in subsequent years as more of the international community puts its critical infrastructure on the Web.
Ten percent of channel partners ranked zero-day exploits as one of the biggest security threats out there, putting it at No. 10 on the Top 10 Security Threats list. Granted, many of these partners are likely the ones to grumble while patching scads of vulnerable systems in an effort to prevent attackers from exploiting the reported zero-day vulnerabilities when Microsoft issues a security advisory or its monthly Patch Tuesday security update. And in recent months Microsoft has seemed to get a handle on zero-day exploits, perhaps due to its recent investment in its own security offerings and increased need for credibility in the security space. But despite this fact, zero-days, if left unpatched, still have the ability to cause untold damage once exploited (Conficker ring any bells?). It only takes one vulnerable system for attackers to launch an attack that can spread to infect millions of computers around the world.