Gartner, Inc. has advised businesses to plan for five increasingly prevalent cyberthreats that have the potential to inflict significant damage on organisations during the next two years. They are targeted threats, identity theft, spyware, social engineering and viruses.
Gartner expects that by 2008, 40 per cent of organisations will be targeted by financially motivated cybercrime, and warns that in the next two years, at least 50 per cent of organisations will experience a social engineering or a virus attack.
Targeted threats are cyber attacks with a financial motivation that are aimed at one company or one industry. They lead to the exposure of sensitive customer data, damage to corporate reputations and potential lawsuits. Gartner urges organisations to incorporate penetration testing into vulnerability management processes and investigate more aggressive intrusion detection and protection approaches that move beyond threat-signature-based approaches. It also advises companies to evaluate managed security services when internal capabilities are not available or sufficient for advanced security activities.
Identity theft refers to the theft of an individual's personal or financial information for the purpose of stealing money or committing other types of crimes. Although the number of victims has stayed relatively stable, defenses are poor and regulators around the world, especially in the banking segment, are driving more protective measures. Gartner advises organisations to combine fraud detection with user authentication and transaction verification to ensure that user authentication methods are matched to the risk of the transaction environment. Data must also be protected using a variety of complementary measures, including strong access controls, encryption or masking where feasible, and database activity monitoring.
Spyware is malicious software that can probe systems, reporting user behaviour to an advertiser or other party without the user's knowledge. This continues to be a disruption as it can be used to send confidential information to unauthorised persons without the knowledge or consent of an e-mail user. Gartner predicts that by 2008, 20 to 50 per cent of organisations will experience a spyware attack and advises organisations to ask their existing desktop security vendor to provide an integrated anti-spyware solution. They should also use their gateway and network security devices to provide anti-spyware capabilities in the network, a strategy that has proved effective in the fight against viruses and spam.
Social engineering is the practice of obtaining confidential information by manipulating legitimate users. The simplest, but still effective, attack is to trick a user into thinking he or she is dealing with an administrator requesting a password, or into revealing other sensitive information. While this threat is well understood, it continues to be problematic because it requires human countermeasures. Defence against social engineering relies on deploying consistent security policies and practices that include educational and clear reporting programmes as well as appropriate technology management. For example, to minimise the risk of sending confidential corporate documents or trade secrets to inappropriate recipients, organisations should use content monitoring and filtering tools. To limit what a successful attacker can get access to, they should enforce the principle of least privilege when assigning access rights.
Viruses are becoming more malicious and their effects could ultimately impact data or network integrity and security, e-mail privacy, and a corporation's reputation. Viruses can ultimately cause direct loss of money. Gartner advocates that organisations continue to deploy signature-based antivirus software, but they should also improve patching configuration and vulnerability detection techniques to harden PCs against popular viruses. In addition, users should pressure their incumbent antivirus vendors to provide non-signature protection, or they should switch to vendors that offer this capability.
[This is all from Gartner's conference in London today. It contains absolutely nothing new, but here you go - now Gartner have said it too! --Ed].
Related links:
www.gartner.com/it/docs/reports/asset_154296_2898.jsp
Taken from Information Security Bulletin.