Executive Summary
Purchases of information security protection have traditionally been seen as tactical, against such historical threats as Viruses, Worms and Trojans, and more recently Spyware and Spam - categories of software that can be grouped together under the heading of malicious content. As these threats evolve, however, tactical procurements are failing to give companies the comprehensive protection they need, and in the meantime the threats are evolving to take into account the widening range of Internet-based communications mechanisms.
This report summarises the business impacts of breaches in security caused by malicious content, for example in terms of data confidentiality and loss of service, and considers how today's threats differ from their historical counterparts. The difference is largely due to a blurring of the edges - each potential security exploit may be due to a combination of techniques, exploiting system vulnerabilities, network holes and even human nature.
2 Introduction
Thirty years on from John Brunner's ground-breaking novel, the security of today's computer systems is as big an issue as it ever was. According to a Quocirca research study conducted at the start of 2005, 20% of the 3,000 respondents had seen some kind of system failure caused by Spyware or other malicious software (Malware), and over half expected to be subjected to an attack in the future (see chart). Gone are the days when virus attacks used to happen to somebody else, and when Internet worms were the stuff of hearsay and anecdote. Every day, it seems, new forms of attack are developed that traditional models of protection cannot properly deal with.
For not-for-profit agencies just as much as commercial businesses, while these threats can impact in a number of ways, all lead ultimately to a financial cost:
- Availability and access. An IT system, a computer desktop or a Web site can be rendered unavailable. Each case is frustrating for the user, and may result in a direct financial impact if a sales transaction cannot be completed, for example. In each case, access can either be directly prevented or a system slowed to the point that it is no longer usable.
- Efficiency and productivity. Even if an IT system is still accessible, it may be running at a sub-optimal level. Wait times and failed responses can slow a user's activities, rendering a staff member less efficient or making a customer wait unnecessarily. Within the machine, transaction times can be slowed - and as we've already noted, transaction times often mean money.
- Data confidentiality. The information an organisation wants to keep private can go beyond salaries and credit card numbers; there are documented cases of attempts to access hospital records of celebrities with an aim to sell the information to the press.
Some email viruses work by sending a random local file to a randomly selected set of addresses from a local address book: it is too easy to imagine how some confidential data might be circulated in this way.
- Data integrity. If data can be viewed in transit, it could also be changed. This could be damaging to a business in a number of ways: for example, a contractual document could be modified or 'lost', or a bank account balance could be changed. If a document is sent without the sender's knowledge, it can be difficult to prove that it was the result of a virus rather than a user: the technical term is "non-repudiation" but it boils down to being able to verify the sender's identity.
An official survey conducted in 2003 by the UK's Department of Trade
Such content can be seen as a back door into the corporate network, and just because it has not been accessed yet that does not mean that it will not be in the future. So, what kinds of malicious content are there? Let's take a look.
3 A Brief History of Malicious Content
The Trojan Horse is as old as Socrates, if not older. Just as we can learn from the wisdom of the Greek philosophers, there is value in understanding the traditional types of malicious content.
3.1 Viruses
According to the original definition in the Internet report RFC 1135, "A virus is a piece of code that inserts itself into a host, including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it."
Gotta start somewhere
The first documented computer virus was known as "Elk Cloner" and was