Security professionals and administrators are scrambling to protect systems from easily exploitable vulnerabilities that put sites and services at serious risk.
So says Gregory Anderson, country manager at Trend Micro SA, who notes, in the current cyber crime environment, businesses need security solutions that allow for the detection, analysis and protection from advanced malware and other cyber attack techniques.
According to a blog post by Christopher Budd, threats communications manager at Trend Micro, major security crises result from vulnerabilities like Shellshock, which are widely deployed in open source components. In 2015, businesses will see more attacks against vulnerabilities in open source software, he adds.
Anderson says Shellshock went undetected for several years and was found towards the end of September in most Linux and Unix operating systems as well as in Mac OSX. It posed an immediate threat to over half a billion servers and devices worldwide and, although end-users may not have been directly affected, the Web servers and other systems they use could have been, he adds.
Shellshock reiterates a lesson learnt from Heartbleed ? open source software is in dire need of an advanced response framework similar to what other established software vendors built to handle these situations (and vulnerabilities) that endanger the Internet itself, says Anderson.
He points out businesses need stronger security tools to help IT administrators scan and protect servers.
Anderson believes South African businesses are still not putting as much focus on security as they should. He says most companies think they already have good security in place.
"If companies have a breach, targeted attack or custom attack, what would the financial impact be to their business and what impact would it have on the brand? They simply may not recover from a targeted attack because of exactly that ? brand damage and financial loss," he adds.
Anderson points out what a lot of SA businesses need, but still do not have, is a security policy. They must also review security risk regularly and constantly review their security budget.
"Our findings confirm we are battling rapidly-moving cyber criminals and evolving vulnerabilities simultaneously," said Anderson in a statement. "With this fluidity, it's time to embrace the fact that compromises will continue, and we shouldn't be alarmed or surprised when they occur."
He believes preparation is key and the security industry must better educate organisations and consumers about heightened risks as attacks grow in volume and sophistication.
According to Trend Labs 3Q 2014 Security Roundup report, a good mix of secured systems and proper patch management can be considered a defence strategy against such cyber attacks. Coupling the strategy with employee training and awareness on security can also help minimise the growing attack rate as more vulnerabilities are uncovered, says the report.
If organisations and consumers understand cyber criminals are finding vulnerabilities and potential loopholes in every device and platform, it may help them confront challenges so technology can be used in a positive way, adds Anderson.
Share