Security Risks in the New Economy
Friday, May 01, 2009
Increasing cases of identity and data theft are becoming a major cause for
concern for organizations and individuals alike. They cause financial loss
and data loss, not to mention loss of credibility and reputation. We surveyed
80+ CIOs across India to find out how seriously they tackle information
security threats. We also believe that securing data is everyone's
responsibility, and tell you how to go about doing it.
Before devising a plan to secure your information, you need to understand the
current security landscape and the risks it involves. So in order to understand
what's currently happening, we surveyed 80+ CIOs from across the country to find
out their understanding of the subject, and what they were doing about it. The
results we got were pretty interesting. Here's the first one:
65% of the CIOs felt that security threats have become more dangerous than ever before.
30% felt that security threats are just a nuisance, and not really dangerous.
The surprising element in the above is the 30% of CIOs who feel that security
threats are still a nuisance. Had that been the case, then cyber crime would not
have been a multi-billion dollar industry. Clearly, cyber crime is on the rise
because there are monetary gains involved. According to various research reports
from key security vendors, most cyber crimes today are targeted at stealing
critical data for financial gain. This trend is only expected to grow, and the
sooner we accept this fact, the better it will be as we would then be in a
better position to combat it.
The good thing though is that the level of seriousness amongst Indian CIOs
with respect to information security is pretty high. Even the top management in
most organizations understands the possible security risks and what kind of an
impact they can have on the organization. However, this doesn't directly
translate into allocating a significant part of the IT budget to information
security. The data on that suggests the following:
42% of the CIOs had less than 10% of their IT budgets devoted to information security.
19% had 10-20% of their budgets devoted to information security.
25% didn't have a separate budget for information security.
The rest of the CIOs didn't give a clear indication about their information
security budgets. There was another key trend that we observed from the survey,
which is even more interesting:
94% of the CIOs had deployed anti-virus software in their enterprise.
47% spent most of their time in combating virus attacks.
The above clearly indicates that anti-virus software is not completely
effective in combating security threats. Despite having it deployed, viruses
manage to creep in and cause havoc. It is therefore important to understand how
viruses still manage to creep into the system, despite having so many solutions
in place.
So now, we'll focus on some of the key security risks that are heating up.
Entry Points for security threats
There are a larger number of channels through which malicious code can
enter.

Security threats can come from anywhere, be it outside or inside the network.
Information can be stolen from anywhere, be it your network, desktops, servers,
Internet portal or wireless network. Therefore, you need to first identify the
possible channels from where information can be stolen: USB ports, remote access
to systems, wireless networks, VoIP, laptops, smartphones, etc. Information can
be stolen from most of these channels. Here's the state of affairs as far as
Indian enterprises are concerned:
The above graph is quite interesting. It shows that 61% of organizations use
secure wireless networks. What this means is that the remaining 41% either don't
have wireless networks or use wireless networks that are not secure. Likewise,
if 40% of organizations allow open usage of flash drives, then they are obviously
in danger of information theft. And if 56% of the CIOs provide remote access for
their organization's employees, there is a chance of information theft. The really
interesting ones are open access to public IMs and open usage of USB drives.
Free access to public IMs means employees can send whatever information they
want to anybody. Let's analyze this in more detail.
How vulnerable are USB ports?
USB ports have become the default interface for just about every device you
plug into a PC or laptop today. While they've increased the convenience, they've
also increased the security risk. USB flash drives for instance, are commonly
used to carry/share data. This has also made them the most common cause of
spreading virus infections. The Conficker worm, which has been in the limelight
for quite some time now, spreads itself through USB drives, among other channels
of course. The University of Utah recently reported that 800 machines on its
network were infected by the worm, all because somebody brought a USB drive
infected with Conficker into the network. Even if you can prevent virus
infections on USB drives by keeping anti-virus software updated on all systems,
how will you prevent somebody from walking away with important information on a
USB drive?

Besides flash drives, USB ports can also be used to connect devices like
Internet data cards. While this makes it easy for your mobile workforce to
connect to the corporate network, or use the Internet when on the move to check
important mail, it also makes it easy to leak information. Given that the
current economic slowdown is causing a lot of employee lay-offs, USB ports could
be considered a security threat.
Does this mean that you should block all USB ports on all machines in your
organization? There are solutions to do that, but before you do that, it's
important to understand the implications. While you prevent information theft or
virus infection, you're also taking away the convenience that most employees
have enjoyed. This could therefore reduce employee productivity.
So if you do plan to block all USB ports, first look for alternatives.
Revisit all access control rights and be more stringent on who has access to
what resources. Ensure that the common network location for file sharing amongst
employees is cleaned up more regularly than before.