A recent article in InfoWorld, by security expert Roger Grimes, discusses the 9 biggest security threats facing IT professionals. We like these lists. The author synthesizes the many and myriad emerging threats to network security and creates a more digestible presentation of the threat landscape.
Grimes's list is one IT pros should find helpful:
Threat 1: Cybercrime Syndicates – These syndicates are sophisticated multi-dimensional organizations with distributed marketing, an effective division of labor and singular focus – building a huge lasting criminal distribution empire. Because they use multi-layered tactics, your defense must be multi-layered also.
Threat 2: Small Crime Operators – These are the more entrepreneurial criminals – what Grimes refers to as the mom-and-pop version of the syndicate. They steal passwords and identities for financial gain and are more likely to get fraudulent credit cards or use banking transactions to convert their stolen riches into laundered cash.
Threat 3: Hacktivism – This new religion is the creed of politically motivated hackers who are devoted to embarrassing or in some way bringing negative media attention to their chosen victims. They operate in the open and announce their exploits in advance. Common attacks include hacking customer information or launching distributed denial-of-service (DDoS) attacks.
Threat 4: Stealing Intellectual Property and Corporate Spying – This is a form of criminal hacking that includes the theft of new product data, patents, military secrets, financial information, business strategies, and more. The attackers strive to gain access to networks and stay as long as possible, using malicious search engines and query tools to locate their targets. These advanced persistent threats (APTs) can be particularly challenging for IT pros.
Threat 5: Malware Merchants – These are teams dedicated to creating malware that they use themselves or sell to others. Their product is designed to bypass security defenses and attack specific targets, often using malware that is multi-phased and componentized.
Threat 6: Botnet Rental – Everyone is familiar with botnet kits, which are easily bought and sold and used to create vast armies of compromised computers – larger ones can include millions of machines. In fact, there are so many botnet armies that hackers can rent botnets cheaply, creating greater challenges for IT pros.
Threat 7: One-Size-Fits-All Malware – These all-inclusive programs are created as sophisticated, centrally managed software that often poses as innocent utilities such as antivirus scanners or defragging tools. Once the Trojan horse is inside your network, it can unleash a variety of tricks to compromise computers.
Threat 8: Compromised Websites – This is becoming more prevalent and can introduce all sorts of malware exploits. Some of the common vulnerabilities exploited include poor passwords, cross-site scripting vulnerabilities, SQL injection, software vulnerabilities and insecure permissions. Regardless of the method used, once a website is hacked, it can quickly infect other sites.
Threat 9: Cyber War – The author lists the magnitude of the problem of cybercrime and the inability of law enforcement to prosecute criminals as one of the threats facing IT pros. He characterizes this environment as the “wild west” era of cybercrime and optimistically predicts that it will eventually end and cybercriminals will run out of safe havens.
Multi-Layered Defense is Key
While we can hope his final prediction about cybercrime will come true, in the meantime, IT professionals face unnerving challenges from sophisticated criminals using multi-dimensional tactics. What’s needed are multi-layered defenses, and EdgeWave Web, Email and Social Media Security solutions offer the technology that can help keep your networks safe.