Computer Security

Dealing With Your Organization’s Near-Certain Malware Problem

Computer SecurityThe networks of Europe’s organizations — and by extrapolation, those elsewhere — are riddled with malware, and the majority have been the victims of a targeted attack at some point in the recent past. That is the startling conclusion of a recent Quocirca research report titled “The trouble heading for your business.”

As grim as this might sound, what it actually means is that reality is simply being accepted. In the past, security vendors pretended there was a Utopian position that could be reached, where all malware could be recognized and blocked. This was never true in the first place and it is less true today than ever.

More and more zero-day malware (that which has never been seen before) is being specially prepared to target individual organizations, often using polymorphism (making every instance appear as unique) and hiding malware either using encryption or by embedding it in other files (for example spreadsheets and PDFs).

The European organizations that Quocirca spoke to in its survey are not alone. They are in the company of some the most eminent organizations in the IT industry: Facebook, Twitter, Apple, and Microsoft have all been the focus of targeted attacks just during February 2013.

Microsoft recently admitted that “During [an] investigation, we found a small number of computers, including some in our Mac business unit, [which] were infected by malicious software…” Microsoft appears not to have been seriously impacted — at least if the aim of the attackers was to steal data, as it goes on to say, “We have no evidence of customer data being affected and our investigation is ongoing.” Even though Microsoft’s defenses were penetrated, it was prepared to acknowledge this and make a statement that its customers’ data remained safe — something many others could learn from.

The story at Facebook was similar — malware did get on to its devices, but it was confident data was not stolen. Reports about the incident at Apple are similar. Twitter had to admit to 250,000 user account details being compromised.

All organizations must accept that if they become a target it is very hard to stop determined cybercriminals or hacktivists getting malware onto their systems. What is essential is to ensure that such attacks are identified as soon as possible, and that it is hard for the perpetrators to extend their attacks within the impacted networks.

Security vendors are accepting this reality too. One vendor Quocirca spoke to last week was talking about its new capability for “retrospective detection.” In short, when the vendor detects some deviance at one of its customers it will come and check its other customers’ networks for something similar. This is nothing short of an IT security vendor saying, ‘We cannot keep your networks free of malware, but we can aim to minimize the time in which new attacks are identified.’

Quocirca’s report goes on to identify a problem that many European organizations still have to face up to. There is an over-reliance on traditional security technology and not enough use being made of more advanced techniques. While Quocirca cannot be sure exactly how Microsoft, Apple, and Facebook are defending themselves, it seems that their security posture is predicated on the fact that attacks will penetrate their defenses, but timely detection and multiple layers of security means the aim of these attacks can be foiled.

With their high level of interaction with consumers and the need to store personal financial data, retailers and financial services organizations are among the most concerned about the potential impacts of targeted attacks. However, no business can afford to be complacent. With the rise of hacktivism, any organization could unexpectedly become an overnight target.

All must be prepared to invest in security measures that prepare them to respond to these increasingly sophisticated and well-targeted attacks on their employees, networks, applications, and data. Those that do not face data losses, regulatory fines, damaged competitiveness and, in the worst case, the collapse of their businesses.

Image Credit: IntelFreePress (flickr)

About the author
Bob Tarzey
Bob joined the UK-based industry analyst firm Quocirca in 2002. His main area of coverage is route-to-market for ITC vendors, but he also has an additional focus on IT security, network computing, systems management, and managed services. Bob writes regular analytical columns for Computing, Computer Weekly, TechRepublic and Computer Reseller News (CRN), and has written for The Times, Financial Times and The Daily Telegraph. Bob also blogs for Computing, Info Security Advisor and IT-Director.com, and provides general comment for the European IT and business press. Bob has extensive knowledge of the IT industry. Prior to joining Quocirca, in he spent 16 years working for US technology vendors including DEC (now HP), Sybase, Gupta, Merant (now Serena), eGain and webMethods (now Software AG). Bob has a BSc in Geology from Manchester University and PhD in Geochemistry from Leicester University.