Biz-CRIME FACTS!

CYBER CRIME: NEW THREATS, NEW DEFENCES

By Ashish Dhawan

Cyber crime is becoming increasingly sophisticated.
Threats which once arose from Botnets have now evolved to
DDoS attacks wherein multiple computers and internet connections are used to disrupt host services and restrict user access to servers and network resources. Recently, the Spamhaus Project, a spam fighting organisation, fell victim to what is regarded as the
largest DDoS attack at 300 billion bits per second. These are
instances at how sophisticated the world of cyber crime has become and the potential difficulties CIOs face in restricting
these threats. With the increasing
popularity of Big Data and BYOD,the requirement of more
effective cyber security is extremely high.

On the rise :
Recently, well-choreographed attacks on two India-based card processing companies, where
hackers raised bank balances and withdrawal limits, garnered widespread media visibility. The
exploits which resulted in a combined loss of $45 million from two Middle Eastern banks
has left even cyber crime experts both baffled and impressed by the sheer technical sophistication of the attack.
In other recent instances, banks in South Korea fell victim to cyber-attacks where hackers
planted malware into the computers of six organisations.
Around 32,000 companies were affected by the incident. It was reported that the IP address did not reveal the perpetrators of the attack, as they were routed through addresses in other
countries to hide their identities.
The above instances of cyber attacks underscore the growing complexity and challenges we
face while securing our valuable digital assets. Unlike physical
assets, the vulnerability of virtual
systems is much higher and despite the progress in security technologies, we are still vulnerable.

Numbers say it all:
A recent study by the Ponemon Institute entitled ‘Efficacy of
Emerging Network Security Technologies’ showcased the
approach that companies are taking towards combating
security issues, and the investments they are making to protect their data. The study,
which was commissioned globally by Juniper Networks,revealed that on average the
effectiveness of security solutions adopted by Indian
organisations is only 4.7 based on a scale of 1-10, with 10 being
the most secure.
Close to 5,000 IT security practitioners surveyed globally
agreed on one thing. Threats in terms of financial losses, brand
value degradation and regulatory impact, have now encouraged organisations to consider security as a very important part
of their IT strategy. This has impelled IT practitioners to
deploy solutions that the report terms as emerging network
security technologies that includes intrusion prevention systems, firewalls and VPNs.
The survey, which took into account the input of 554 Indian
professionals across various organisations, also attributed the
growing sophistication of cyber attacks and changing threat landscape as reasons why organisations are investing in emerging network security
technologies. The issues that keep most IT security practitioners up at night are the theft of their intellectual property,including research and
development,business strategies and industrial processes.
Some of the results of the report are as follows:
64 per cent say securing Web traffic is their biggest security
concern.
63 per cent say emerging network security technologies
only address part of the cyber security threats that they face.
On an average, respondents say the security posture of their organisation is only 4.7 based on
a scale of 10 being very effective.
Respondents also rate their organisation’s ability to quickly
detect and prevent cyber attacks as fair (4.8 and 4.6, respectively on a scale of 10 being excellent).
The results of the Ponemon Institute survey are a good
example to indicate the increased awareness companies
have regarding various security threats and their implications,within organisations. Companies of almost all sizes have considered, analysed and deployed solutions that they feel are effective at detecting known
and or potential threats.

Being proactive:
What companies need to realise is that the current generation of
solutions they are using is only capable of detecting threats
which have already attacked, or in the process of attacking, their systems. What they need are solutions which can stop hackers before they have breached the company’s data.

_to be continued_