In today's trying economic climate, it is becoming clear that every organisation in every industry sector, be it financial, retail or telecommunications, is a target for cyber criminals. If they conduct banking online or host customer and supplier information, businesses must ensure they have proper security measures in place not to fall victim to these crimes.
This is according to Costin Raiu, Chief Security Expert at Kaspersky Lab, EEMEA, addressing delegates at ITWeb's 4th Annual IT Security Summit 2009 in South Africa this week.
Cyber crime today, he says, is a multibillion-dollar underground industry which transgresses borders and keeps growing at an exponential pace.
The conference provided information security professionals and IT managers with the most up-to-date information, tools, trends, legislation and strategies to address information security issues.
“Cyber crime accounts for billions of dollars in terms of losses annually and the criminals are becoming more professional in developing technologies designed to counteract traditional anti-virus solutions every day. It is not so much an issue of computer malware, but the countless vulnerabilities in operating systems as well as the installed software applications that make it very hard to run secure computer systems,” he says.
Raiu says contributing factors that lead to the flourishing of premeditated online crime is the evolution of malicious code from viruses to Trojan horse attacks, designed to steal personal information for financial gain.
“Online payment systems and online banking systems often make use of simplistic authentication technologies, and hackers use keystroke loggers, password-stealing Trojans and social engineering to gain access to accounts which are later emptied of funds.
“Even systems that use complicated multi-factor authentication techniques are at risk with the introduction of specialised Trojan horses, which are able to intercept transfers on-the-fly and replace the destination account with the attacker's account or highjack an online banking session,” he says.
According to Raiu, there is no single universal solution that would allow secure online transactions through vulnerable systems.
Various financial institutions, such as for instance Barclays (http://www.kaspersky.com/news?id=207575660) started offering Kaspersky's Internet Security Suite free of charge to its customers.
“At the same time, banking institutions that offer financial services online must use a blended approach to security, using two-factor authentication methods that rely on external devices such as smartphones or e-Tokens to ensure that user accounts are not compromised,” he says.
In his closing comments, Raiu said businesses have to begin to realise that the IT security threat is not going to go away. The protection against such risks, he says, must be international priority, involving various industry experts and associations to guard against these financial risks.
Share