Brent Crossland, senior manager of state government initiatives for Entrust, leads a discussion about the challenges associated with securing IT infrastructures at the Commonwealth Data Center Oct. 21.
Cyber security, threats evolving
With the number of computer network and malware attacks increasing drastically around the world each year, cyber security experts agree that those attacks have become more sophisticated and targeted, driven primarily by financial gain.
According to Jeffrey Shipley, manager of Cisco’s Security Intelligence Operations Analysts Team, the Web ecosystem has become the number one threat vector, becoming more dangerous each year with a rapidly growing number of botnets, denial of service attacks and malicious business documents. Mr. Shipley talked about this trend during a discussion with state government IT professionals Oct. 29 at the Commonwealth Data Center in Frankfort.
“It’s all about the money,” Shipley said, adding that hackers no longer seek mere thrills just from breaking into a network. “These guys are not in it for fun, and they are not in it for the notoriety.”
To raise awareness of National Cyber Security Awareness Month, COT hosted four informative seminars on Oct. 21 and Oct. 27-29 featuring addresses by prominent IT security specialists. Gov. Steve Beshear recently designated October as Cyber Security Awareness Month to encourage citizens of the Commonwealth to learn about cyber security and the dangers of computer viruses, identity theft, fraud and other threats.
Most data breaches are external, and organized crime has increasingly become the underlying source, according to Brent Crossland, senior manager of state government initiatives for Entrust.
James Elste, a security strategist for Symantec, said the number of virus signatures has exploded in recent years. Between 10,000 and 15,000 are now created each day, compared to only five in 2003.
He also said one of the biggest threats to end-users is “scareware,” rogue software maliciously installed on a user’s PC that mimics legitimate security software and demands money from users to remove threats. Elste said Symantec’s research has shown that scareware is often a very lucrative business for criminals who earn thousands of dollars each week by infecting PCs.
“We have to change the way we defend ourselves,” Elste said.
During his presentation, Geoff Webb, senior manager of marketing for NetIQ, discussed data breaches and how automation gives organizations the ability to better manage their security processes and deploy technology efficiently.
Webb said more than 83 percent of data breaches that were studied proved to be simple attacks, and that in 82 percent of those cases, evidence of a data breach was visible in logs. Dennis Hurst, a representative from Hewlett Packard, said it is estimated that nearly half of all Web applications contain high risk level vulnerabilities. Integration and automation are proven security practices that provide faster resolution, speed detection, reduce costs, and accelerate the maturity of the security process, Webb said.
Doris McGuire, senior managing consultant with IBM’s Global Business Services Security, Privacy, Wireless and IT Governance Practice Group, spoke of proactive steps users can take to protect themselves. She advises users to be leery of items that are free, including thumb drives and CDs, which can cause problems if loaded with viruses.
“It’s amazing to me how many people don’t have anti-virus on computers, even if it’s free,” McGuire said.
Dick Smothermon, chief information security officer for Commonwealth Office of Technology, said one of the biggest challenges is getting the message of cyber security awareness to all state employees.
“That is what it is all about – awareness,” McGuire said. “It is very serious – it’s more serious than it ever has been before.”