IT security: From cottage industry to organised crime (page 1 of 3)

  • Sunday, August 16 - 2009 at 10:05

Read too many reports on IT security and you could end up a quivering wreck. What with hackers threatening to take over systems for nefarious purposes, criminal gangs intent on stealing valuable information and insiders engaged in fraud, data theft, sabotage and stupidity, the problems can seem insurmountable.

By Jim Mortleman

But although it will never be possible to protect a company fully from these threats, with the right processes, technologies and services in place IT heads can bring the risks down to an acceptable level for a reasonable (although not insubstantial) cost.

So what exactly are the threats and how serious are they? At the most basic level, unprotected systems face attack from viruses, worms, trojans, spyware and other malicious software, or 'malware'.

These are programs that infect your system either via an email attachment, web page, compromised file or application, or via physically connected devices such as USB memory sticks.

There are millions of variants. Payloads vary wildly, from doing no serious damage right through to deleting/stealing data and giving hackers total control over your system (often as a node in a 'botnet' - a network of compromised machines that work together to carry out further, co-ordinated attacks).

The cat-and-mouse game between security specialists and 'black hat' hackers is like an arms race. As security researchers solve one problem, the black hats develop ever sneakier means to stay under the radar.

At one time, countering viruses was a simple case of finding the individual 'signature' of each and adding it to a database of known offenders. Today's malware often uses sophisticated techniques to conceal itself - polymorphic and encrypted malware can bypass traditional detection systems, change its shape and hide itself.

Methods of infection have also become more sophisticated. There's no longer any need to persuade people to open an attachment or download and run a file - your system can be compromised simply by visiting an infected website.

And black hats are using ever more subtle psychological tricks to get people to click on infected links, hiding malware in a legitimate-looking page on an item of current interest, say, then distributing a link via email or, increasingly, sharing it on social networks like Facebook and Twitter.

Adrian Marsh, Managing Director of Growth Markets EMEA at Trend Micro, says: "We have seen more variants of malware over the last 12-18 months than in the previous 19 years of the company's existence combined. Email-borne threats have not gone away, but the fastest-growing means of infection is now via the web.

"Threats are increasing in sophistication by targeting individual organisations, reacting very quickly to high-profile events and blending together different elements such as email, web and social engineering techniques."

Heuristic and behavioural analysis


Most of the key system security vendors, such as Trend Micro, Symantec and McAfee, do a good job of keeping up with known threats. Their layered anti-malware products today not only check files against a database of signatures, but also use so-called heuristic and behavioural analysis technologies.

These can protect (to some extent) against unknown threats, by examining whether a piece of code looks similar to something else known to be harmful or is behaving in a suspicious way (for example, trying to download additional components or change system files). They will never catch everything, and can also throw up 'false positives', but along with firewalls they are a good first-line defence.
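The three layers described above, sketched as an added example that is not part of the original article or any vendor's product: an exact signature match, a similarity check against a known-bad sample, and a score over observed behaviour. The sample bytes, event names, weights and thresholds are all constructed assumptions; the last two cases show a false positive and a miss.

```python
import hashlib

# Constructed stand-in for a known-bad file; not real malware.
KNOWN_BAD = b"CONNECT c2.example; FETCH stage2; WRITE system32/drivers/hosts; LOOP"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
# Hypothetical weights for runtime events an agent might observe.
SUSPICIOUS = {"download_component": 2, "modify_system_file": 3}

def ngrams(data, n=4):
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a, b):
    """Jaccard similarity of byte 4-grams, from 0.0 to 1.0."""
    x, y = ngrams(a), ngrams(b)
    return len(x & y) / len(x | y) if (x | y) else 0.0

def scan(content, events, sim_min=0.6, score_min=5):
    """Return the first layer that flags the sample, or 'clean'."""
    if hashlib.sha256(content).hexdigest() in SIGNATURES:
        return "signature"            # exact match on a known file
    if similarity(content, KNOWN_BAD) >= sim_min:
        return "heuristic"            # looks like something known to be harmful
    if sum(SUSPICIOUS.get(e, 0) for e in events) >= score_min:
        return "behavioural"          # acts suspiciously at run time
    return "clean"

def demo():
    dropper = ["download_component", "modify_system_file"]
    tweaked = KNOWN_BAD.replace(b"stage2", b"stage3")   # one byte changed
    encoded = bytes(b ^ 0x5A for b in KNOWN_BAD)        # same logic, re-encoded
    return {
        "known file": scan(KNOWN_BAD, dropper),
        "tweaked variant": scan(tweaked, dropper),
        "encoded variant": scan(encoded, dropper),
        # A legitimate updater performs the same actions: a false positive.
        "software updater": scan(b"Vendor updater 1.2", dropper),
        # A threat that triggers none of the rules is missed entirely.
        "quiet data thief": scan(b"unrelated bytes", ["read_file", "send_data"]),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} -> {verdict}")
```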

Larger Middle East companies and multinationals understand the need for strong levels of security to protect the business.