This article was first published in the Summer 2015 issue of OnWindows
Cyber-crime is on the rise. Last year, Dell blocked 1.7 trillion system attacks and 4.2 billion malware attacks, while our annual Threat Report indicated that there was a surge in POS malware, increased malware traffic within encrypted HTTPS web protocols, and double the number of attacks on supervisory control and data acquisition systems compared to 2013.
Hacking is a very lucrative business. Not only can criminals make money by stealing and selling a company’s intellectual property or R&D plans to competitors, they can gain access to bank accounts to directly withdraw funds. For example, when criminals tapped into the POS systems used by US retailers Home Depot, Target and Staples in 2014, millions of consumers were exposed to potential fraudulent purchases and credit card or identity theft.
While these breaches damaged the brands’ respective reputations, hacking suddenly became even more serious when criminals infiltrated the computer systems of airlines, technology companies and other contractors involved in the movement of US military troops and equipment in 2014. Similar concerns for national security were echoed when 19,000 French websites were targeted soon after the Charlie Hebdo and related terror attacks, which took place in Paris in January 2015. Fears were renewed again when hackers claiming allegiance to the Islamic State of Iraq and the Levant group seized control of TV5Monde, France’s international TV network, this April.
Evidently, the increased media coverage of such major security breaches has helped to put cyber security in the spotlight. And now senior executives understand that they could face high fines, or even a prison sentence, in the event of a breach, it is much easier for IT administrators to secure the budget to implement robust security systems. However, mid- and small-sized companies still have limited IT resources and budgets, so often they are not adequately protected.
Companies tend to implement single security solutions on a reactive basis. For example, an organisation may start with a firewall to protect their network, then implement a URL content filtering solution if an employee visited illegal content and then added an anti-spam filter if its employees were victims of a phishing attack. When deployed in this way, security products operate in separate silos, which creates gaps in the overall security system that can easily be targeted by hackers.
Siloed IT security systems function in a similar way to how the Brazilian football team played against Germany in the 2014 World Cup final – individually they performed well, but they failed overall because they were not connected to one another. Successful security networks that are deployed proactively in a structured way are more like the German team, which was victorious because the individuals communicated effectively with one another and played as a cohesive unit.
Ideally, companies should deploy an integrated security system that not only protects its assets, but also supports its business goals. Developed to eliminate gaps in security networks, Dell’s extensive security solutions portfolio enables customers to do just that. For example, if a company wants to develop a mobile workforce, they can integrate our solutions to provide employees with access to the corporate apps, documents and systems they need to remain productive on their laptops, while ensuring all of the data remains protected.
Dell is currently working on a suite of technology that combines separate identity and access management, data encryption and firewall solutions. This means companies can ensure a confidential tagged document is automatically encrypted with the Dell Data Protection Encryption and checked by the firewall when an employee uploads it to a cloud storage service. The identity and access management tool, which supports single sign-on, then ensures only certain users can access the document. This helps to close any gaps in the network, while ensuring that all tools are able to effectively communicate with each other, supporting business growth, rather than hindering progress.
Dell’s 2014 Threat Report showed that POS malware tactics became more sophisticated last year as hackers turned to memory scraping techniques and embedding encrypted malware in secure HTTPS protocol traffic, which rose by 109%. Many companies still operate legacy firewalls that are blind to encrypted malware so they must upgrade their perimeter security solutions to remain protected. To do this, they need to invest in next-generation solutions, such as Dell SonicWALL, that can perform deep-packet inspections on every single bit of data crossing their networks to identify whether it is malware.
This year, Dell also expects that there will be a rise in malware tailored for specific technologies and more attacks on wearable devices, digital currencies and electric vehicles and their operating systems. Hacking techniques are not likely to change significantly, but they will become more frequent and targeted.
Hackers are very aware that companies are increasingly investing in mobile devices, wireless technologies, cloud platforms and internet of things systems, while employees are using their personal devices to access work e-mail or corporate documents. It has never been more important for organisations to educate their employees about the risks and develop a homogenised IT security infrastructure that protects their assets and customer data, and supports their business growth goals.
Florian Malecki is the international product marketing director of Dell Networking Security
Share this story