In the past year there have been many real-life examples of what can happen if sensitive data has not been secured properly. Data security breaches have been reported at many high-profile companies, including TJX, Disney, Western Union, Fidelity, Monster.com and TD Ameritrade. Data breaches have also occurred at many smaller organizations, yet they are often not made public. The FBI estimates that spyware and other computer-related crimes cost US businesses $67 billion per year.[1] The damage to a company's brand is immeasurable. Spyware is on the rise and has been the cause of many data breaches. The reason is that, unlike virus writers, its perpetrators are motivated by financial gain. Unprotected data that once had a low risk of being stolen now has a greater chance of being exploited. Sophisticated spying techniques are being used to steal data, such as key logging (an application that records keystrokes) or modifying the hosts file so that the name of a trusted website resolves to the IP address of an untrustworthy site. There are many tools freely available on the Internet to aid this data theft, and to complicate the situation even further, legitimate software can often be used for illicit ends. For example, remote control software used by technical support to troubleshoot employees' computers can be used to obtain unauthorized access to a system containing confidential information such as social security numbers or bank accounts. Not only do spyware developers and distributors have a sinister motive, but spyware has also exhibited more complex, multifaceted behaviors, making detection and removal more difficult.
Microsoft reports that in the first half of 2007 there was a 500 percent increase in trojan downloaders and droppers (malicious code used to install files such as trojans, password stealers, key loggers and other malware on users' systems) compared with the previous six months.[2] Spyware is pervasive on the Internet, and it can be difficult to pinpoint where a user may have downloaded it. Since it can be invisible to users, the longer the spyware runs undetected on a system, the greater the chance that a data theft will occur. Usually the only hint that spyware is present is that computer or network performance degrades, users report more display ads, and/or users report that their browser home page has been redirected. Even in the face of escalating data security breaches, many administrators are not using a solution that specifically addresses the spyware threat. In a survey of 479 US corporations, the Ponemon Institute found that 62% of IT security professionals rate spyware as the number one threat to the integrity of intellectual property and customer personally identifiable information, yet 98% of them rely on firewalls to protect them against spyware. There is a great temptation to use the anti-virus and/or firewall solutions already installed in an organization for spyware protection. Because these products are already in place, overtaxed administrators need virtually no effort to add anti-spyware to them. Some vendors claim in their literature that one solution will protect you from the many potential data breaches that can occur through viruses, spyware, spam and DoS attacks. These 'all-in-one' security solutions are appealing when IT departments are understaffed and have a long list of requirements to implement in order to meet their data security goals.
However, upon closer examination of the technology these solutions use to prevent spyware, one would conclude that they are greatly limited and leave an organization's data open to potential theft. Anti-virus vendors' primary means of detecting and stopping viruses is a database of virus signatures. This works by examining the contents of the computer's memory and the files stored on fixed or removable drives, and comparing them against the signature database. In recent years, anti-virus vendors have extended their signature databases to include spyware applications. Some vendors have assembled a vast list of spyware signatures for their products, erroneously believing that the biggest list provides the best protection. In reality, signature-based solutions are inherently limited because they are a reactive security measure: detection occurs only after a particular piece of spyware has been identified and a signature for it has been written. While signature-based solutions are useful for stopping known threats, they are powerless to stop new ones.
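As an added illustration of the point above (example code written for this page, not from the paper or any vendor's product), here is a minimal signature scanner in Python. The file contents, file names and signature names are all constructed for the example; no real malware is involved. The scanner matches files by exact hash and by a byte pattern, the two forms a signature database commonly takes. A file whose signature is in the database is flagged, a harmless file is not, and an unseen variant that differs only slightly slips through until someone adds a signature for it, which is exactly the reactive limitation the paragraph describes.

```python
import hashlib

# Constructed stand-ins for file contents on disk (not real programs).
SAMPLE_FILES = {
    "known_dropper.exe": b"MZ\x90\x00 DROPPER-V1 writes payload to temp dir",
    "unseen_variant.exe": b"MZ\x90\x00 DROPPER-V2 writes payload to temp dir",
    "editor.exe": b"MZ\x90\x00 benign text editor",
}

# A signature database in two forms: whole-file hashes and byte patterns.
# Both entries describe only the sample already seen ("V1").
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_FILES["known_dropper.exe"]).hexdigest(): "Dropper.Sample.A",
}
PATTERN_SIGNATURES = [
    (b"DROPPER-V1", "Dropper.Sample.A"),
]


def scan_bytes(content: bytes) -> list:
    """Return the names of every signature that matches this content."""
    hits = []
    digest = hashlib.sha256(content).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES:
        if pattern in content and name not in hits:
            hits.append(name)
    return hits


def scan_files(files: dict) -> dict:
    """Scan a mapping of file name -> bytes, as a disk scanner would."""
    return {name: scan_bytes(data) for name, data in files.items()}


def add_pattern_signature(pattern: bytes, name: str) -> None:
    """Simulate a vendor signature update, issued only after a sample is analysed."""
    PATTERN_SIGNATURES.append((pattern, name))


def count_detected(files: dict) -> int:
    """How many of the given files the current database flags."""
    return sum(1 for hits in scan_files(files).values() if hits)


if __name__ == "__main__":
    # Before the update: the known sample is caught, the variant is not.
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name:22s} -> {hits or 'clean'}")
    # After the variant has been seen and a signature written, it is caught too.
    add_pattern_signature(b"DROPPER-V2", "Dropper.Sample.B")
    print("detected after update:", count_detected(SAMPLE_FILES))
```

Running the block prints the per-file verdicts before the update and the detection count after it. The gap between the two runs is the window in which the variant runs undetected, and a signature-only defense has no way to close it on its own.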