2013 Heralds a New Era of Post-PC Security
By Sumit Bansal, Director of Sales, ASEAN, Sophos
Organisations have entered a new stage of technology that offers end users far greater independence and convenience for accessing data than the PC alone. But as they enter the post-PC era, new threats have emerged to challenge data security.
Consumerisation of IT and ‘bring-your-own-device’ (BYOD) is bringing devices like iPads, iPhones and Android phones onto corporate networks. Today’s workers are regularly testing the traditional boundaries of security, with increasingly porous firewalls as employees access services remotely from their mobile devices – all of which require security that mirrors but also improves upon PC solutions.
With the fast-rising popularity and massive growth of smartphones for business use, malicious mobile software and malware viruses, worms, trojan horses, spyware and other rogue applications will increase exponentially. In this environment, advanced persistent threats (APTs) represent the next generation of Internet crimeware, while the threat of attacks on web applications to extract data or to distribute malicious code persists.
In our 2013 Sophos Security Threat Report http://www.sophos.com/threatreport we focus on 2012 as a year of new platforms and modern malware—what was once a homogeneous world of Windows systems, is now a landscape made up of diverse platforms. Modern malware is taking advantage of these trends, creating new challenges for IT security professionals. 2012 was also a retro year driven by resurgence in traditional malware attacks, specifically malware distributed via the web. For example, more than 80 percent of attacks were redirects, the majority of which were from legitimate websites that were hacked.
While a large proportion of cybercrime continues to be opportunistic, we believe that, in 2013, increased availability of malware testing platforms — some even providing criminals with money back guarantees – will make it more likely for malware to slip through traditional business security systems. As a result, we can expect to see an increase in the number of incidents where attackers have gained and sustained surreptitious access to corporate networks. Other 2013 trends we see, include more basic web server mistakes, more “irreversible” malware, and a sharp rise in social engineering attacks across an array of platforms.
A recent international survey of IT managers commissioned by Sophos* revealed that growing threats and unprepared networks are particularly troubling for organisations and businesses. With regard to security, 44 percent of respondents cited the growing need to use cloud-based services as a major concern; 39 percent were worried about sophisticated threats; 39 percent about managing mobile devices; and a further 35 percent saw data loss as a significant challenge.
The survey also found that 93 percent of SMBs are integrating remote working policies into their security provision, with more than half of respondents (52 percent) expecting to improve security precautions to mitigate additional risks posed by remote working. Wireless networks were also an issue, with only a fifth (21 percent) being very confident in their security. More than a third (36 percent) of businesses struggled with applying consistent security policies across all offices. The research also found that, on average, firewalls were five years old, and that one in five respondents had suffered a network outage caused by a malware infection in the last 12 months. These findings highlighted the daunting task of keeping up with the latest technologies and threats.
With the increased frequency of cyber attacks and methods to penetrate the corporate network, improvements need to be made across the board.
The research also revealed some encouraging statistics about IT budgets. Nearly half (44 percent) of survey respondents pointed to investment in IT, including virtualization (48 percent), cloud computing (44 percent), remote working (44 percent) and improvements to the wireless network (49 percent). The vast majority (70 percent) of companies surveyed were also planning to support this with further investment in security.
Clearly, enterprises and SMBs are being forced to sit up and rethink their security and defense mechanisms for mobile device and application management, and look at implementing robust security tools to remotely secure, monitor, encrypt and manage data, and secure and control corporate data and applications on an application-by-application basis.
Going into 2013, companies are re-evaluating how they tackle IT security. A fragmented approach is consistently leaving networks vulnerable to attack, as new technologies such as cloud, and new devices such as mobile, require more advanced security architectures.
The Sophos survey found that when choosing a network security solution, the highest priority for companies and organisations is a low cost of ownership (30 percent), followed by ease of use (24 percent), and support offered (22 percent).
In the enterprise and government market segments in particular, we see a strong focus on bringing costs down and improving staff productivity, in Malaysia. Cloud and virtualisation – with the new security challenges these technologies bring – will continue to be the key means by which these and other organisations expect to consolidate costs and improve customer and internal processes.
Along with cost-effectiveness and ease-of-management, BYOD stands out as a key driver of increased demand for security solutions that are integrated, particularly from organisations in the financial sector, telecommunications and government in Malaysia.
In addition, increased awareness of, and action on, compliance requirements will continue to be a significant driver of demand for security solutions in the financial sector and with Telcos in Malaysia, following the gazetting of the Personal Data Protection Act, and with the implementation of PCI-DSS compliance for credit merchandisers and receivers.
For many organisations, it is time to take a more holistic approach to IT security, one that optimises their security infrastructure and ensures all elements of protection function seamlessly together. This is driving a requirement for integrated solutions that will give active protection through the cloud and protect against a variety of threats with endpoint, network and data protection, messaging security and web security, while lowering the total cost of ownership and offering more streamlined management for increased productivity.
— – — – — – – – – – – – – – – – – – – – – – – – – – – – – – – – –
*The survey, conducted for Sophos earlier in the year by Vanson Bourne, was of 571 IT managers and directors across North America, Europe and Australia: www.sophos.com/networksecuritysurvey