Top 5 Enterprise Security Trends
From BYOD to social media, the trends that are keeping security administrators on their toes.
By Andreas Baumhof
Enterprise IT managers face a large and increasingly sophisticated array of cybersecurity threats. According to the Aite Group, there were 25 million new, unique strains of malware released in 2011 -- a number that is expected to skyrocket to 87 million new annual variants by 2015. The global cybersecurity crisis has become so acute that even Macs and other platforms that were once considered to be immune from attacks are now common malware targets.
From an enterprise standpoint, it’s not enough to understand the threats your organization faces today -- you need to know about the security risks that are most likely to threaten your enterprise and implement the best practices capable of maintaining your company’s data security and system integrity.
Key Trends in Cybersecurity
Cybercrooks are opportunists who employ strategies ranging from advanced malware campaigns to simpler and more obvious avenues of attack. Currently, there are five key trends that will continue to impact the enterprise security environment over the next 12 months and beyond.
Trend #1: Mobile computing
Mobile devices are becoming an attractive target for cybercriminals. The vulnerabilities of the open-source app marketplace have been well documented -- smartphone users tend to download apps without exercising common-sense security practices such as equipping their devices with anti-virus software.
In some cases, mobile operating systems (such as Apple iOS) are vulnerable because they are too secure. Because Apple doesn’t allow security companies to provide security for the iPhone, it is extremely difficult to address malware intrusions when they occur.
For enterprises, limiting the devices that can be used to access enterprise applications is a losing strategy. It’s simply not reasonable for companies to tell customers or even internal stakeholders that mobile access via Android, Apple, or other mobile platforms won’t be supported.
Instead, enterprises need to improve security by exerting greater control over their mobile exposure. For example, complex financial institutions gather data about their customers’ or members’ devices and meticulously monitor mobile behaviors. When suspicious activities arise, the organization can restrict or limit the customer’s mobile access rather than locking out large groups of mobile users based on device type.
Trend #2: Social media
More digital thugs are favoring sites such as Twitter, Facebook, Google and LinkedIn as distribution hubs for Trojans and other forms of malicious code. In an ironic twist, cybercrooks are using social media’s most important value propositions to gain access to protected systems and information.
After taking control of users’ accounts, fraudsters are leveraging the sharing features of social media to effortlessly send infected links to thousands or even millions of followers. Because the information is being received from a “friend,” recipients are more likely to trust (and click) the links, substantially improving the success rates of simple, link-based attacks.
A common social media-based fraud strategy involves drive-by attacks, in which devices are infected when users visit a site that contains malicious code. It’s not unusual for these kinds of links to feature news stories or photographs that are distributed via social media.
The ongoing value of social media to the digital consumer experience means that social media-based cyberattacks will become even more prevalent in the months and years ahead. To inoculate themselves, enterprises need to deploy a mix of strategies that include user education and basic security protocols.
Devices that have access to the enterprise need to be routinely updated with the latest security patches and anti-virus programs. Though not entirely foolproof, frequent updates and education initiatives for both employees and customers can significantly reduce the organization’s exposure to attacks that originate in the social space.
Trend #3: Man-in-the-browser attacks (MitB)
MitB Trojans aren’t new, but we’re seeing a dramatic spike in the volume of MitB attacks not just against financial institutions but increasingly against enterprise organizations.
Embedded in seemingly innocuous pop-up ads, MitB Trojans are automatically launched when users click an infected pop-up. Once the Trojan infects a device, it can be instructed to perform fraudulent activities in the background, completely invisible to the user.
Sophisticated MitB attacks can even be customized for specific institutions and enterprises. Although the amount of effort it takes to create one-of-a-kind MitB attacks can be enormous, high-value targets need to consider the possibility that fraudsters will craft MitB Trojans that have been uniquely tailored to their organizations.
Best practices call for enterprises to deploy authentication as a primary defense against MitB attacks. The key is for organizations to properly authenticate users and devices, gathering critical intelligence about the source of transactions. Similarly, organizations should carefully monitor transactions and flag any questionable behavior.
Trend #4: Bring your own device (BYOD)
BYOD is one of the hottest topics in enterprise security. In addition to reducing an organization’s overall cost of technology, BYOD permits and empowers employees to use their preferred device platforms, promoting higher productivity levels throughout the workforce.
However, as many enterprises are discovering, BYOD introduces a slate of new security challenges into the organization. When employees connect to company servers and databases with devices that are beyond the direct control of the organization’s IT department, it inevitably elevates the organization’s risk profile and the volume of unauthorized intrusion attempts.
For most enterprises, the right solution isn’t to ban BYOD but to implement BYOD policies that clearly define the proper use of employee-owned devices in the enterprise. BYOD security risks can also be mitigated with robust fraud detection systems and limits on the types of information that can be accessed via BYOD.
Trend #5: Security in a time of convergence
The security industry as a whole is struggling to keep up with the new realities of today's threat environment. Although general network security and fraud prevention are different disciplines, the threat environment is converging. Online identities are the most frequent target for malware attacks today, and financial gain (through fraud) is the prime motivator. Attackers are even using malware to automate fraudulent transactions so they can steal on a larger scale, without manual logins.
In enterprise organizations, security and fraud teams are separate entities. Attackers exploit the fact that these separate silos do not share information. As a result, neither practice is as effective or efficient as it could be. E-commerce and financial service fraud teams waste a tremendous amount of time on manual reviews of transactions initiated by malware or stolen identities, and security practices are defeated by stolen, trusted credentials.
A Final Word
Staying one step ahead of fraudsters isn’t easy, especially for enterprise IT managers who are responsible for maintaining system and data integrity across multiple geographies and business units. By implementing a handful of strategies to protect the enterprise from the attacks that are most likely to threaten an organization now and in the future, IT managers can minimize risk and create an enterprise environment that offers security as well as user convenience.
Andreas Baumhof is the chief technology officer at ThreatMetrix, a provider of integrated cybercrime prevention solutions. Baumhof is a cybersecurity thought leader and expert with deep experience in the encryption, PKI, malware, and phishing markets. You can contact the author at abaumhof@threatmetrix.com.