By Tom S. Noda
Published in the CWP November 2009 issue

More IT users, more threats. The scenario is simply inevitable, according to Maenard Martinez, senior operations manager of Trend Micro in Asia-Pacific.

In his keynote address during the recent Computerworld Philippines Executive Briefing on Cyber Security, Martinez said as Internet usage increases, so too does criminal activity.

He said majority of the engineering tactics that cyber criminals do today are being carried out through email (Web) or the Internet. Both served as the medium for phishing and other scam-type attacks and end-users proved to be the primary target of attacks employing deceit.

“More cyber criminals will carry out their malicious engineering tactics via email and the Internet. The more users we have, the more security threats we’re going to face,” Martinez said, adding criminals with extraordinary technical skills, motivated by massive profits can infiltrate PCs and mine confidential data, track business transactions, or host illicit Web pages and malicious code on servers or personal computers, yet undetected.

Martinez told conference participants that the world is facing an era of IT security threat that is evolving. He warned that the Philippines will not be immune since the event is “inescapable.”

IT ALONGSIDE THREATS
He noted that people nowadays rely on the Internet for global commerce, data exchange, communication and socialization and that new technologies such as Web 2.0 applications are becoming more attractive to users. Other interactive technologies such as cloud computing, social networks, and virtualization are becoming more popular too. And all of these, he claimed, pose a lot of threats to users.

“Your life, as you know it, is comprised of various pieces of critical information – like your bank account and social security numbers guard your identity and finances. With the advent of Web 2.0, our finances and identification methods become increasingly digital, and this information have grown in value – to criminals, as well as legitimate owners,” Martinez explained.

The executive said cyber crime is driving the creation of malware mainly because of the amount of money that is being made from it. For instance, organized crime and regional cyber gangs are turning this into an industry with an underground economy that is reportedly estimated in billions of dollars.

“As growing businesses adopt more and more web and mobile technologies to improve operations and services, the risks of falling victim to cyber criminal attacks also increases,” he stressed.

HOLISTIC APPROACH
In solving the problem, Martinez said technology won’t do it alone. There is a need to educate users. Yet in reality, it could be difficult. And he advises for a holistic approach.

He discussed that a holistic approach does “real-time protection” as well as “reputation services.” The former offers continuous protection to users through in-the-cloud and multi-vector correlation technologies; while the latter covers all possible threat vectors, assigns a reputation to a domain, an IP, email, file, among others, based on known or associated activities.

“We first need to see the infrastructure and be aware of what we can do with it especially the users. If we have a firewall that’s fine, but you have to understand that if you have virtualization, you have in cloud services, you need to figure out what other solutions you need,” he said. “As these technologies mature, the malware developers will also commoditize their own criminal services for these technologies which can be a very complex solution or a very simple one, depending on how large the organization is.”

STAFF AS SECURITY ASSETS
Martinez noted majority of data leaks happen from within, either by accident or on purpose by valid users who have access to the data within a corporate network. A company’s greatest asset – their employees – can also be their greatest security liability.

“It is an important part of a company’s security to educate its staff on how to protect themselves and their computers to safeguard the company’s assets. However, implementing security measures is one thing; verifying that they are properly in place and effective on an ongoing basis is another,” explained Martinez.

He said a company can always educate their employees on IT security and have security policies in place. But apart from these general solutions “awareness” is really what matters.

“Policies help but sometimes it could be inconvenient for users, like banning Youtube because of bandwidth consumption and security. On the latest front, what we’re encouraging is to find correlation technologies,” Martinez said.

Possibly Related Posts:

• The Cloud: Waiting to Descend or Forever Up in The Air?
• Moving Through the Supply Chain
• Data Recovery– Riding Through The Chaos
• Mitigating the Risks
• Greening the Workplace

 Print This Post