This paper considers some of the Web-related issues that might arise for individuals, and emerging or longer term threats that you may want to keep in mind when modernizing or extending your security infrastructure. At the same time, security protections are evolving to meet such needs. Here we also consider what solutions are available and how to start deploying such new levels of protection.
How bad are the bad guys?
The changing nature of Web security threats
By Jon Collins, Freeform Dynamics, September 2009
In conjunction withIn a nutshell
This paper considers how Web-based security threats are evolving, within the context of IT trends including mobile, home computing and other forms of remote access that could all potentially increase the attack surface of the organisation.Key points:. Web-based threats are not going away, but they are changing based on an increasingly financially motivated community of online criminals.. A number of mechanisms exist, each with their own benefits - the trick is to implement a layered approach that makes appropriate use of each one. . Starting points for protection revolve around setting appropriate policies, raising awareness and implementing the right mix of protection.
Introduction
The Internet has come a long way since its rudimentary beginnings as a government and academic network. At its heart it is fundamentally simple - allowing packets of information to be moved from one computer or device to another. But, even after the dot-com collapse when many said the Internet was 'done with', what we do with it continues to evolve.
Today we are seeing the Web broaden its reach to an ever-widening range of devices, and with increasing levels of interaction. Communications services such as WebEx and Skype take advantage of the greater bandwidth available in both home and mobile environments, and meanwhile social networking sites such as LinkedIn, Facebook and Twitter are rapidly growing in popularity.
While this is all very positive and welcome, due diligence requires that we turn our attention to the security risks that are posed by such changes in use and behaviour. It's quite trendy in security circles to talk about the biggest threats being internal, in terms of opportunistic breaches, loss of productivity through Web browsing and so on. Meanwhile, many organisations still see Web security as relating to viruses and malware infecting unprotected desktops. For many, it will be time to review these positions and act accordingly.
This paper considers some of the Web-related issues that might arise for individuals, and emerging or longer term threats that you may want to keep in mind when modernising or extending your security infrastructure. At the same time, security protections are evolving to meet such needs. Here we also consider what solutions are available and how to start deploying such new levels of protection.
This paper was compiled and written on an independent basis by Freeform Dynamics based on multiple studies during 2008-2009, within the framework of its community research programme and supported by Webroot. For more information on community research see http://www.freeformdynamics.com/services.asp.
How bad are the bad guys?The scale of the threat
What kinds of threats are lurking about in today's Web? As a starting point it is worth reminding ourselves that the bad guys never went away, but they too have continued to evolve. As they look for new ways to exploit holes in technology, they have become increasingly financially motivated, as illustrated by cases in the press of identity theft and credit card fraud. Organised crime has picked up where the 'hobbyist hacker', doing it for kicks, left off.
Perhaps the most significant trend is towards more intelligent, targeted attacks on both individuals and businesses. Big companies have lived with this for a while, being hit by those extorting money or causing damage for some political motivation. But with smaller organisations and their employees being more visible on the Internet than they have ever been, through their company Web presence, social media, and so on, there is both more risk of becoming a target, and more information available to attackers to work out how best to hit you.
So, what kinds of threats are we talking about? We can consider:
. Malware, viruses and spyware. Recent events such as the Conficker worm suggest nobody should be binning their desktop antivirus nor their content filtering tools just yet. Email viruses and malicious code continue to be a potential problem, but more of a risk today is that of spyware downloaded from the Web, which a user can inadvertently install at the same time as a 'freeware' program or a Web site plug-in. Spyware can be used to track the activities... [download for more]
