ENTERPRISES today are grappling with an array of security issues brought about by changing attitudes and work habits among their employees as well as the dynamics of a more collaborative, connected and mobile world. Enterprises must continue to protect against a wide range of potent threats from cybercriminals, who are currently reaping success as well as investing additional resources in refining advanced threats to cyber security.
A recent study, the Cisco 2011 Annual Security Report, highlighted the most important cyber security trends of last year and also reported a dramatic decline in the volume of spam. The report noted that although the number of vulnerabilities had increased, there were fewer widespread attacks and instead an increased number of smaller, focused attacks.
Cyber threats in 2012
The report analysed the types of cybercrime that Cisco’s security experts predict profit-oriented scammers will channel their resources toward in 2012. Based on what happened in 2011, Cisco's security experts predict that attacking mobile devices as well as hacking into the cloud infrastructure will rise in prevalence in 2012. Money laundering is also expected to remain a key focus area for cybercrime.
It is not surprising that mobile devices have caught the attention of cybercriminals, the report stated, since this is where users are moving and people are increasingly accessing the internet, e-mail and corporate networks via mobile devices. Attacks on mobile devices have been around for years but had not been widespread and were more akin to research projects than successful cybercrime. But the report noted that this is quickly changing and that as more businesses embrace cloud computing and hosted services, cybercriminals are looking to the cloud in search of criminal opportunities.
The Cisco report stated that enterprises must now be mindful of another potential security threat that could be even more disruptive to their operations if they are targeted, and called the threat “hacktivism”.
Hacktivism is a morph of traditional hacking. At first hackers attacked websites for fun and notoriety; later it was for a prize or monetary gain. Hacktivism is often about sending a message, and a business may never know why it was made a target.
The report defined hacktivism as a blend of hacking and activism that was catapulted to the top tier of security concerns in late 2010 when supporters of WikiLeaks launched distributed attacks against institutions such as PayPal and MasterCard in an initiative dubbed “Operation Payback”.
In many ways, hacktivism is a natural extension of how people are using the internet today – to connect with like-minded people all over the globe. The internet serves as a powerful platform for those who want to make a statement and grab the attention of a wide audience and motivate others to pursue similar actions.
The internet generation
As the so-called internet generation enters the workplace, it is tending to ignore cyber security and this has a great impact on the overall security of employers. According to the Cisco Connected World Technology Report, seven out of 10 young employees frequently ignore their company’s IT policies and one in four has been a victim of identity theft before the age of 30.
That report revealed startling attitudes toward IT policies and growing security threats posed by the new generation of employees entering the workforce – a demographic group that grew up with the internet and has an increasingly on-demand lifestyle that mixes personal and business activity in the workplace.
The report stated that the desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the internet even if it compromises their company's or their own security, noting risky behaviour such as secretly using neighbours’ wireless connections, sitting in front of businesses to access free Wi-Fi networks and borrowing other people’s devices without supervision.
Security in a connected world
Enterprises and their security teams need to be vigilant about a much broader range of risk sources, from mobile devices and the cloud to social networking and whatever new technology tomorrow might bring. A two-step approach is required: reacting to security vulnerability disclosures while also being proactive about educating employees about how to protect themselves and their enterprises from persistent and potent cyber threats.
Like the Earth itself, the connected world has a light side and a dark side at all times. Enterprise security can exist in this world – but building an effective model requires new thinking as well as some risk-taking, and maintaining it demands more vigilance than ever before.
The core challenge for businesses today is to find the right mix of technology and policy to meet their unique combination of needs. This is not an easy process but the end result will be a more agile business that is better prepared to adapt – both swiftly and securely – to changes in technology that tomorrow will inevitably bring.
Marcel Rebroš is the general manager of Cisco Slovakia
This column is prepared in cooperation with the American Chamber of Commerce. www.amcham.sk
26. Mar 2012 at 0:00 | Marcel Rebroš