IT managers are right to be wary of new threats like viruses arriving on infected devices such as USB sticks (as with Stuxnet) or mobile devices, which pose an increasing threat. However, there is a more pressing threat to network security.
Firewalls remain the most important defence for corporate networks, but they require correct configuration to provide complete protection of the network. Likewise, poorly configured routers resulting in badly routed networks provide the perfect back door for botnets and hackers to exploit. It’s vitally important that businesses ensure their security systems and procedures provide a strong defence against these more traditional attacks, otherwise they are likely to see their networks suffering the consequences over the coming year.
One of the most significant external threats of 2011 will be hackers continuing to take advantage of poorly programmed websites, manipulating the code to infect the systems of site visitors worldwide. Companies will need to ensure that their websites are written with security in mind and plan to revisit the sites regularly to keep them updated. Surfers will need to take extra care to update their systems promptly so that they are not left vulnerable to older exploits.
We’ve seen before how major events are used by cyber-criminals to con victims into opening links sent to them via email or social media platforms, unwittingly infecting their computers with malware. 2011’s royal wedding is going to provide the perfect opportunity for Internet phishers and fraudsters to ply their illicit trade. Unfortunately, people are not infallible and will fall victim to such attacks, but a strongly defended network will prevent the installation and spread of any malware downloaded as a consequence.
We’re likely to see the continued politicisation of internet attacks – as seen recently with Wikileaks supporters voluntarily becoming part of a botnet as a form of political protest – as people become increasingly frustrated with the tough economic and political climate.
Financial applications will be prime targets for cybercriminals, who will use viruses such as URLZone (which, amongst other things, empties victims’ bank accounts online while making them look untouched to the victim) to attack financial institutions.
The increased uptake of VoIP will lead to new approaches to attacks on the corporate network, such as toll fraud, call interception or caller spoofing. However, the important thing for businesses to remember is that the vast majority of Internet threats need not impact the business at all if network systems, security processes and procedures are regularly updated. This then makes it easier to focus on the new threats, enabling the organisation to benefit, rather than suffer, from the Internet.