Top five security threats to watch

Johannesburg, 07 Jun 2011

With the RSA Conference behind us and the Infosecurity Europe Conference in London also completed, it is worth taking a look at the top five cyber security threats that were on the minds of the event attendees and other security professionals tasked with managing cyber risks across enterprises and government agencies in the coming months.

Before we assess where we are heading, let's review where we are now. We kicked off 2011 with a large number of sophisticated cyber crime groups active around the world, and with new types of criminal groups that have developed a specific expertise within the cyber security supply chain.

As a result of the increased number of active cyber criminals, we believe there is more malicious software being developed and distributed around the world than ever before.

Yet, despite the increased risk, most companies can't identify the origins of the threat and the extent of the attack. According to the Identity Theft Resource Centre, out of the 662 breaches it registered in 2010, close to 40% of the listed breaches had no cause specified (ie, the company didn't know where the breach came from), and nearly 50% of the breaches did not list which records were compromised.

It is likely that the number of cyber criminals will rise even further in 2011, resulting in more malicious software being distributed and an increased incidence of cyber security breaches. We believe that the following threats will be prominent over the coming months:

1. Traditional malware
Traditional malware will remain the primary mechanism of distributing software to computers on the Internet. As F-Secure reported in 2009, there was a threefold increase in the number of malware detections between 2007 and 2008, and a 15-fold increase over the five prior years. More recent numbers from McAfee indicate roughly 55 000 new malware pieces identified every day, which continues the exponential growth pattern into 2010. This trend will continue.

Trojans will likely remain the main vehicle for malware distribution. In many instances they could be disguised as a document (eg, PDF file).

2. Shift to advanced persistent threat (APT)
Attacks will be more advanced and targeted at a specific institution, with the goal of acquiring specific data. Often described as advanced persistent threats (APTs), these attacks are designed to infiltrate an organisation, hop the firewall and acquire a target. Once the software gets behind the firewall, it hops around the organisation investigating and gathering information about the internal system. It then uses this information to gain privileged access to critical information (eg, transactions processing, customer lists or HR records) and begins stealing sensitive data. Without proper monitoring in place, it can be weeks or months before an organisation detects that it is under attack.

3. Focus on finance, hospitality and retail
Financial services, hospitality and retail industries will face an increased number of threats. As data from the 2010 Data Breach Report issued by the Verizon RISK team and the US Secret Service shows, these three industries combined currently represent 71% of all data breaches.

4. Mobile devices increase vulnerabilities
Seven out of 10 companies still don't have explicit policies on which devices can be logged on to the network, or on working in public places, as reported in the 2010 Visual Data Breach Risk Assessment Study commissioned by 3M. As more people work and access information remotely, the threat levels from existing vulnerabilities will increase and new ones will appear.

5. Hacktivism as a new type of threat
The most visible example of hacktivism was the recent attack by Anonymous, a group that targeted MasterCard, Visa and PayPal after those companies cut off financial services to WikiLeaks. We may see more of these types of attack by groups representing political and environmental organisations.

Just two years ago, “cyber” was not a topic frequently featured in mainstream news. Today, even some of the tabloid media is covering the subject. Cyber threats have risen from an IT issue to a topic of strategic importance to companies and governments around the world. It seems many organisations are starting to discuss the importance of cyber defence. This year, we will see whether all the talk will bring with it swift action.

ArcSight positioned as leader in 2011 Gartner Magic Quadrant for SIEM

Once again this year, we are happy to share the Gartner Group Magic Quadrant for SIEM report. ArcSight showed top results, positioned by Gartner in the Leaders Quadrant of the Magic Quadrant for both "completeness of vision" and "ability to execute".

We believe that we will continue to grow our success in these leadership capabilities now that ArcSight is part of HP, the world's largest IT vendor. Of course, now that we are an HP company, we also expect our product vision to change and expand. We see a big opportunity to connect security visibility to IT operations, giving users much more context about their applications and networks. With an integrated view into not only vulnerabilities and security incidents, but also assets, services and business processes, we can provide a level of risk intelligence that is not available in the market today.

Contact DRS to help you securely enable your business with ArcSight on 011 523 1600.