Wednesday, October 20, 2010

Highly sophisticated attackers cause the biggest challenge to system security

Bangalore: A Windows-specific computer worm called Stuxnet was discovered on July 13, 2010 which was attempting to take control of industrial infrastructure around the world. It was a Stealthy malware that propagates through USB drives and exploits 4 zero-day vulnerabilities. This is just one of the examples for the sophisticated nature of computer malwares these days. Speaking at the SilicionIndia Security Conference, Shantanu Ghosh, Vice President, Enterprise Security & India Product Operations, Symantec, explained in detail the challenges and the right approaches needed to ensure the system and network security. The highly sophisticated attackers pose a big challenge to the system security. They are so heavily equipped that it is really hard to trace them and stop them. Hydraq or "Google attacks", ShadowNet, Zeus are some of the examples for such sophisticated malwares. It clearly shows a paradigm shift in the nature of threats. It has been discovered that there are nearly 62623 distinct bot-infected computers in India in 2009. Studies also reveal that India ranks high for viruses, worms and Trojans. "Today the web attackers are highly sophisticated and apart from being fame motivated, there are specific reasons behind every attack and they know what they exactly want," Shantanu said.The next challenge to system and network security is the explosion of Information. Unsecured information has become a liability today. We also see the growth of unstructured data pegging at over 60 percent per year. It is expected that the total volume of digital information will reach 1,773 exabytes by 2011.The complex heterogeneous infrastructure makes it difficult for anyone to completely ensure the security. The device environment has changed big time and it is said that about one billion mobile devices will access internet by end of the year. There are multiple vendors in this field now. Consumerization of IT and the increasing use of employee-owned endpoints necessitate the need for actionable intelligence.Cost of a data breach is another big challenge. It is estimated at $204 per compromised record. Nearly 50 percent of information residing in enterprises is sensitive. Competition, compliance and credibility black hole are to be given more importance. It is revealed that all Indian enterprises surveyed lost revenue due to cyber attacks and an average enterprise explores 17 standards and frameworks.Shantanu feels that we can address this with a connected enterprise. It can be done through consumerization of IT, social networking sites, different mobile devices, and cloud and virtualization. He says a holistic information approach to security should be taken in this regard that should be risk based and policy driven, information centric, actionable intelligence and well managed infrastructure. He further explains that the information centric model should compile information governance, information intelligence and information infrastructure.

No comments:

Related Posts Plugin for WordPress, Blogger...