IT security 2010: Stonesoft warns of heightened risk
(Thomson Reuters ONE) - Credit card data in a fishbowl / Security pitfalls of social media / Cloudcomputing under a dark cloud / Dangers of mobile work environmentsHelsinki, 4 February 2010 - The EC card disaster at the beginning of 2010 hashighlighted the susceptibility of this system. Sometimes all it takes is a zeroin the year's number to prevent millions of customers from using this electronicmeans of payment. Not only credit institutes but all companies and publicorganizations should exercise special care in handling credit card data as wellas take a critical look at their network security systems and policies - this isthe recommendation of Stonesoft (NASDAQ OMX: SFT1V), an innovative provider ofintegrated solutions for network security and business continuity.However, increasing abuse of credit card data is only one of the criticalsecurity issues that Stonesoft's experts have identified for this year. A lookinto the crystal ball of IT security in 2010 reveals heightened risks associatedwith recent trends such as social media, cloud computing and mobility. Stonesoftpredicts that the number of attacks on private and corporate networks willincrease in 2010. The problem is that security awareness of users and companiesdoes not keep pace with the newest trends.While in many cases the threats are not new, the channels of distribution havenot been there before. Outsourcing, social networks on the Internet and the useof mobile devices make data and identity theft easier than ever before. Inaddition, the boundaries between private and corporate systems are becoming lessand less distinct. Employees update their Facebook profiles from the workplace,book their next holiday from a company smartphone or link to websites fromin-house blogs. Stonesoft's security experts warn companies and private usersalike to keep network security in mind particularly when dealing with newapplications and services.The main dangers in 2010Credit card data - inadequate identity protectionWhen companies lose customer data, they also lose an enormous amount of trust.While many companies protect their customers' credit card data against abuse bysetting up a firewall, this hardly provides adequate protection against thecriminal efforts of hackers. Instead, companies should invest in morecomprehensive security mechanisms in 2010 and provide their networks withadditional protection through an Intrusion Prevention System (IPS). Now that thePayment Card Industry Data Security Standard (PCI-DSS) is in effect, this ismandatory for all companies that store, process or transmit credit cardinformation.An IPS detects intruders before they reach critical network areas; the systemautomatically removes worms, spyware and other malware. At the same time,reports help administrators to determine who has accessed which data at whattime. This provides better defence against attacks and enables the departmentsinvolved to identify possible problems in time. To provide adequate protectionagainst data abuse in 2010, organizations must therefore have an IPS.Social Media - the curse of networkingMore and more social media services attract users through fast communication andthe ability to keep up with contacts. Portal user-friendliness and the highspeeds at which messages are disseminated are an enormous enticement - but theyalso harbour a great many dangers. The users themselves are responsible for mostof these risks. The easier and faster it is to publish information on theInternet, the more cautious users have to be in dealing with the social Web.Once the data has been published in the Internet, it is almost impossible todelete it completely. Even after the original files have been deleted andoverwritten, the information often remains available in search engine archives.Companies must therefore put more effort into making their employees aware ofthese dangers and set clear guidelines for the use of social media.One of the greatest threats in 2010 will be what is known as social engineering.Attackers identify the personal IT environments of their victims and makeimproper use of their digital identities. This means that even messages fromfriends and acquaintances can contain harmful software - without the recipientbeing aware of this. In early 2009, the Conficker virus infected around 50million computers in Germany alone - and security experts will have to deal withit again this year.Future hackers will find more and more ways to attack private and corporatenetworks. Internal e-mails can be as much at risk as private messaging serviceson social media sites. It is important that users pay greater attention to thisproblem.Cloud Computing - the dark side of the cloudCloud computing gives companies attractive benefits by handing expensive IToperation and management tasks over to external service providers. If theparties also agree on a pay-per-use model, the company pays only for theservices it actually needs, which eliminates unnecessary IT expenses. However,what many people neglect to take into account when selecting a suitableoutsourcing partner is the security of the outsourced data. This is a mistakethat can turn into an enormous risk as the number of outsourcing contractscontinues to grow.When companies outsource their IT services to an external provider, they alsohand over the confidentiality, integrity and availability of their data. Mostoutsourcing service providers sell their customers a complete package. Althoughthe quality of service is secured by service level agreements (SLAs), theseagreements very rarely cover data security. Data security is often a kind of"pig in a poke" that the customer purchases along with the overall package. Thecompany's actual security requirements are not taken into account. Whenselecting service providers, IT managers must therefore pay greater attention totheir existing security systems. Does the system meet the company's specificrequirements? What kind of guarantees does the service provider offer? Is thereporting system complete? What happens if data is abused? Who is liable?Stonesoft's experts expect to see the cloud computing trend continue in 2010.Only serious incidents of data loss or abuse will draw attention to the issue of"security in the cloud", despite the fact that there is an urgent need for thiseven today. The companies themselves are primarily responsible for this. In thefuture, they need to actively demand that their service providers offer improvedsecurity mechanisms that target specific needs.Mobile devices - dangerous little helpersMobile devices such as smartphones and PDAs have long since found their way intothe business world - thus also providing access to critical data. However, theyrarely offer the same level of protection as do desktop PCs. For this reason,mobile devices are becoming more and more attractive to hackers.The threats are not new; after all, they are similar to attacks on laptops. Theprimary difference is that users often assign very simple passwords foraccessing their mobile devices, since typing is more difficult on a mobiledevice than a keyboard. In addition, employees use their mobile devices for bothbusiness and personal calls, while neglecting to regularly update theiranti-virus software and firewalls. A virus can therefore easily infect not onlythe user's system, but the corporate network as well. To effectively circumventthese dangers in the future, companies must be able to administer the devicesfrom a central point. This makes sure that the security settings and updates foreach individual PDA are always up to date.However, the real situation is quite different. "Most companies ignore thedangers of increasing employee mobility. Although the demand for smartphones andPDAs continue to grow, the security functions of these devices remaininadequate. This plays right into the hands of future hackers," warns JoonaAiramo, Chief Information Security Officer at Stonesoft Corporation. "Only whenusers become more aware of the possible dangers will the demand for bettersecurity mechanisms grow as well. Until that happens, however, we can expect tosee an increase in the number of attacks on mobile devices."About StonesoftStonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider ofintegrated network security solutions to secure the information flow ofdistributed organizations. Stonesoft customers include enterprises with growingbusiness needs requiring advanced network security and always-on businessconnectivity.StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSLVPN
Themen in dieser Pressemitteilung:
Unternehmensinformation / Kurzprofil:
Datum: 04.02.2010 - 08:04 Uhr
Sprache: Deutsch
News-ID 1010009
Anzahl Zeichen: 0
contact information:
Contact person:
Town:
Helsinki
Phone:
Kategorie:
Business News
Anmerkungen:
Diese Pressemitteilung wurde bisher 127 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"IT security 2010: Stonesoft warns of heightened risk
"
steht unter der journalistisch-redaktionellen Verantwortung von
Stonesoft Oyj (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
