No Letup In Security Threats To Business - InformationWeek


Think 2003 has been a tough one for security professionals? Wait till next year.

This year has been rough on business security managers, and next year won't be any better, according to an analyst who spoke on security trends during 2003 and beyond.

"We're in for a repeat of this year during 2004," says Vincent Weafer, senior director of Symantec's security response center. "We should expect two to four MSBlast-sized events in 2004 and a major mass-mailed worm or virus every month on the average."

There are lots of explanations for the hard times security professionals are enduring, but one of the most significant trends this year has been the rise in "blended" threats--exploits that use multiple modes of infection, ranging from hacking and computer worms to denial-of-service attacks and Web site defacements--to create a single, advanced assault that overwhelms defenses.

Older threats such as Code Red and Nimda, and newer ones like Sobig and MSBlast, Weafer says, are perfect examples of such assaults, which have been steadily increasing for the past three years but in 2003 really caught the attention of security professionals with their numbers and sophistication. "Such threats are likely to become the norm," Weafer says.

What makes blended threats so dangerous is that they're much more difficult to defend against than, say, a single-vector exploit that propagates via E-mail or can be stopped simply by plugging a port at the network firewall. "Yesterday's strategy of 'one threat, one cure' is no longer viable today," he says.

In response, businesses will have to implement a more-comprehensive, in-depth defense that goes beyond the traditional firewall and anti-virus protection and takes a more proactive approach. Such a defense should integrate early-warning intelligence on developing security threats, be composed of multiple layers--at the network edge, on servers, and on desktops--and must take into account the newer technologies, such as wireless and instant messaging, that have the potential to open up the company to attack.

But blended threats aren't the only reason security is the year's hottest topic among businesses and will continue to be next year. The numbers are also running against the good guys, Weafer notes.

Vulnerabilities tracked by Symantec, he says, rose from an average of 40 a week at the beginning of the year to 50 per week by November. Worse, an increasing number of those vulnerabilities can be exploited remotely--80% at the moment. This means that hackers can more easily insert malicious code and wreak havoc on systems.

Attackers have moved away from targeted assaults on the perimeter of the network, such as Web servers, and are focusing on the Internet to infect a growing number of desktops, laptops, and workstations. "That opens up far more possible targets, which are typically far less well-defended," he says.

Combine that with an increasingly robust set of hacker tools that are shared much more freely than ever before, and you have the recipe for a continued security crisis.

"There's far more knowledge now available [to hackers] about how to create exploits," Weafer says, "and so the level of technical knowledge necessary to generate an exploit is falling. Hackers are standing on each other's shoulders, just plugging in new code into old exploits and kicking it out."

That's one reason why the window between the disclosure of a vulnerability and the release of exploit code--and then a self-replicating worm--continues to shrink. "The notion that a company has months or even a year to deploy a patch is simply gone," Weafer says.

Among the threats that Weafer sees developing in 2004 are Trojan horses that attempt to steal information, often for financial gain rather than simple notoriety, and "anything that targets a common service in Windows." File and print sharing services, as well as anything having to do with ActiveX controls, are areas to watch for vulnerabilities and thus upcoming exploits, he says.

"Any service that's turned on by default is a potential target," Weafer adds, citing a raft of recent Microsoft Windows services--such as its Workstation service and the Windows Messenger Service--as examples in 2003.

His conclusion: "This was a tough year in enterprise security."

And from all signs, 2004 won't be any easier.
