Wednesday, November 12, 2008

What are you waiting for? Cybertheft is getting bolder!

I’m flying back from the Gartner IAM Summit and reading a story in today’s USA Today titled “Cyberthieves mine for corporate data nuggets” and I can’t believe how bold cyberthieves are getting. Here’s the gist of the story…

  • Cyberthief observes an employee entering their userid and password while they are at an airport, coffee house, hotel lobby or at a conference.
  • Cyberthief logs onto the employee’s company network and finds an internal web server that they can compromise. In the USA Today story, they added a link to an internal employee website that discussed a charity.
  • Unsuspecting employees clicked on the link which took them outside their internal network and downloaded a program that basically dumped their My Documents folder over the Internet and into the hands of the cyberthieves.
Over 300 PCs fell to this attack, which means 300 My Documents folders were dumped. Amazing.

Some questions for all of us and a few comments:
  • Many companies are still employing a hard-outside, soft-in-the-middle approach to security. Once a firewall is bypassed the cyberthief has unfettered access. That’s why security professionals push for “defense in depth”. Clearly, in the case above, network monitoring tools could have seen the unusual jump in connections and data traffic and perhaps started shutting down ports or the internet connection. Are you taking a defense-in-depth approach to your network security?
  • Look at your My Documents folder right now. Anything in there that you wouldn’t want a competitor to see? Yes? Is it encrypted? If not, why not? How are you going to protect yourself against this type of attack? (As I write this I am busy encrypting a lot of files!)
  • How strong is your front door? Are you still only requiring a username and password to access your network remotely? If you are using some sort of two-factor authentication like a smart card or one-time password token then you are ahead of the curve. If you are not, then you are protecting your network with the equivalent of a screen door. I’d bet that 95% of cybertheft could be prevented if companies deployed two-factor authentication.
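
The first bullet above says network monitoring could have seen the unusual jump in connections and data traffic. One way such a check can look, as an added example that is not from the original post or the USA Today story: it flags an external destination that is missing from the baseline yet receives data from many internal PCs in one window. The flow-record layout, address ranges, baseline and thresholds are all assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the corporate address space
BASELINE = {"198.51.100.10"}          # assumption: external IPs seen in earlier windows

def flag_exfil_destinations(flows, baseline, min_hosts=20, min_bytes=50_000_000):
    """Return (dst, host_count, bytes_out) for each external destination that is
    absent from the baseline yet receives data from many internal hosts.

    flows: (src_ip, dst_ip, bytes_out) tuples for one time window.
    min_hosts / min_bytes: illustrative thresholds, tune per network.
    """
    hosts, volume = defaultdict(set), defaultdict(int)
    for src, dst, bytes_out in flows:
        # Only outbound traffic matters here: internal source, external destination.
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            hosts[dst].add(src)
            volume[dst] += bytes_out
    alerts = [
        (dst, len(srcs), volume[dst])
        for dst, srcs in hosts.items()
        if dst not in baseline and len(srcs) >= min_hosts and volume[dst] >= min_bytes
    ]
    return sorted(alerts, key=lambda a: a[2], reverse=True)

def constructed_flows():
    """Constructed sample window (documentation-range IPs, made-up byte counts)."""
    pcs = [f"10.1.{i // 250}.{i % 250 + 1}" for i in range(300)]
    flows = [(pc, "198.51.100.10", 2_000_000) for pc in pcs[:120]]   # known SaaS traffic
    flows.append((pcs[0], "192.0.2.77", 900_000_000))                # one user, one big upload
    flows += [(pc, "203.0.113.50", 40_000_000) for pc in pcs]        # 300 PCs, one new destination
    flows.append((pcs[1], "10.9.9.9", 5_000_000_000))                # internal file copy, ignored
    return flows

if __name__ == "__main__":
    for dst, n, b in flag_exfil_destinations(constructed_flows(), BASELINE):
        print(f"ALERT {dst}: {n} internal hosts sent {b / 1e9:.1f} GB in this window")
```

The single large upload and the baseline destination are deliberately left unflagged: the signal is many PCs sending to one unfamiliar address at once, not volume alone.
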
I’ve had many people ask how they can justify security projects. I go to the dentist twice a year because I’ve had a root canal and I don’t want to go through that pain again – ever. So I pay for this as a preventative measure. Your equivalent to a root canal – as a company – is being featured in USA Today or the Wall Street Journal.

Don’t just think about it. Do something before it is too late.


1 comment:

richa said...

If you need an all-in-one solution then I would look at something like unified threat management, also known as a UTM. Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoam’s powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection.

The ICSA-certified Cyberoam firewall is available along with VPN, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering, bandwidth management and multiple link management, providing comprehensive security to small, medium and large enterprises, including remote and branch offices. Cyberoam is a Check Mark Level 5 certified UTM solution.

Key Features

1. Stateful Inspection Firewall
2. Centralized management for multiple security features
3. Embeds user identity in rule-matching criteria
4. Multiple zone security
5. Granular IM, P2P controls
6. ICSA certified