Subscribe

Complex malware needs stricter security

Increasingly complex malware needs companies to re-address their existing security policy
By Ilva Pieterse for Webroot
Johannesburg, 25 Mar 2008

Companies are urged to re-evaluate their security strategy as cyber-criminals begin creating increasingly complex malware.

Security Summit 2008

More More information about the Security Summit 2008, which takes place from 6 to 8 May at Vodaworld, Midrand, is available online here.

"Cyber-criminals are quickly realising the great economic potential [of cyber-crime] and have begun to develop malware programs of incredible complexity in order to infiltrate and expose sensitive data," explains Gerhard Eschelbeck, CTO and Senior VP: Engineering at Webroot.

Roger Halbheer, chief security advisor (EMEA region) for Microsoft, concurs: "Years ago it was just cool to write a worm, today it is about frauds, scams, and so forth."

According to Eschelbeck, the past two years have seen an explosion in the amount of malware that threatens the integrity of companies` data and information systems.

He explains that to remain ever more stealth and avoid detection, rootkit techniques are being blended with keyloggers and trojans to build next-generation malware.

To combat this, says Eschelbeck, companies need to revisit how they look at malware protection. "The changing threat landscape requires rethinking of our defence mechanisms," he says.

Yet most companies today look at security as a burden or as an insurance policy, according to Halbheer. "This has to change, otherwise security will fail," he stresses.

Halbeer maintain that companies have to move from risk avoidance to risk management. "This is an important step which a lot of companies overlook. In addition, I am convinced that we need new ways of having partnerships between the government (law enforcement, national intelligence, etc), the private sector (customers) and the vendors. This needs a new way to trust each other. Without this, we will not be able to act upon the new threats."

Eschelbeck concurs: "While the desktop always is the last line of defence against malware, companies need to take a multi-layered approach to security that stretches protection from the network cloud back to the desktop."

He adds that deploying a security-as-a-service (Saas) solution can also enable companies of all sizes to enjoy enterprise-class protection at an affordable cost. "The Saas model has a range of advantages including ease of deployment and management, scalability and low cost, since the customer does not need to deploy new hardware or manage the solution itself."

Eschelbeck and Halbeer will be presenting at the ITWeb Security Summit at Vodaworld, Midrand, from 6 to 8 May.

Share