Exclusive: ‘Handholding’ required in un-secure world
In the constantly changing world of technology, one area remains constant: the need for security. Heather Wright gets some expert views.
With security scares reaching as far as the International Space Station, 2013 was a year of 'very high profile security breaches'. The bad news?
IDC's Vern Hue, senior market analyst, predicts 2014 will see a similar trend with malicious actions continuing to hit organisations for a variety of reasons.
For end-users that might be bad news. But for the reseller channel, it could also be good news.
Juraj Malcho, Eset chief research officer, says consumers and enterprise don't understand security issues or the available solutions – and nor do they really want to.
"They don't care to have an anti- virus product; they just want to be safe," he says.
"The world's current IT technology and its implementation is not easily understandable by the masses, therefore it's hard for many companies to assess the risk, especially when for most technology is critical to success, but not a core business to them.
Adds Patrick Devlin, Watchguard ANZ regional director: "More than ever, security is critical to every product sale. Most electronics are connected to a network and many to the internet. This means that businesses that might not have considered security in the past need to be playing in this space.
"Consider the example of a managed print services company. Most printers are internet accessible. What if someone were to connect and go print crazy? Who covers the costs?
"Security resellers tend to be trusted advisers to their customers. These resellers tend to sell much more than just security and are much more likely to be awarded large contracts for PC or laptop supply that might otherwise have simply gone to the lowest cost partner.
Devlin says security services are becoming a more essential part of a systems integrator's portfolio than ever. "In years past, our resellers were mostly boutique security providers. In today's New Zealand IT marketplace, a reseller can't afford not to have a security offering.
Internationally, IDC put the total security market for 2012 at US$37.7 billion. Hue says the New Zealand market was NZ$83.6 million, but points out this only takes into account security software as appliances aren't tracked locally.
Within software, IDC tracks endpoint, network, web and messaging security, along with identity and access management and security vulnerability management.
The international figures also include unified threat management appliances, firewalls, VPN and intrusion detection and prevention markets. Professional and managed services are not included in the figures.
Hue says cloud, social media, big data and security are beginning to impact organisations in New Zealand and how they interact with resellers.
"While nothing has changed in the way resellers act as the frontline in understanding customer needs and owning the customer engagement in many cases, the introduction of the aforementioned technologies, and in particular security solutions which are growing in complexity, will require more support and value- added services from the channel.
"Organisations will require a lot of handholding here as they transition into more complex solutions and they will look for the guidance from high-end VARs, SIs and cloud providers," Hue adds.
Last year ended with plenty of publicity for Cryptolocker, and Patrick Devlin, Watchguard ANZ regional director says we will probably see more variants and new infection vectors based on the success of Cryptolocker.
"Anything that makes money is likely to spawn a whole family of copycats," he notes.
It is advanced persistent threats, however, that Devlin believes will dominate 2014 locally. "2014 is likely to be the year APTs become front of mind for the wider community.
"News of the International Space Station being infected made many people realise that even non-internet-networked systems are at risk. These attacks are very professionally built to beat normal defences, and have been shown to evolve and be very effective in the wild.
"In the past they have infected SCADA systems – even Google's Sydney office got hit this year. Many APTs are well funded espionage tools capable of everything from remote control to video and audio surveillance.
And, on the subject of APTs, Devlin says Zeusbot 'just keeps hanging around' because traditional firewalls have no visibility of it. "Many businesses still think IPS is too expensive or an acronym they needn't worry about.
Meanwhile, Eset's Malcho says mobile devices will also figure heavily in security concerns over the coming year.
"Mobile devices are being used more and more for internet banking. That has resulted in a gradual shift of interest from the bad guys. Defeating two- factor authentication has become commonplace for modern banking Trojans, now routinely having a mobile component to steal one-time passwords and interfere with the payment process at the mobile endpoint.
"Also, we're seeing banking Trojans aiming more at enterprise customers, especially SME's – with a higher monetary value than consumers, and less IT security sophistication than large enterprises – thus hoping to get to accounts with a higher balance, and targeting applications that automate online transactions and banking software.
Malcho says while the absolute numbers of malware targeting mobile platforms is low – with Android by far the most prevalent – the significance of the attacks is high for victims, since they typically lose money, but may be reluctant to admit how foolish they feel.
"Spying Trojans and banking Trojans always follow the money trail and now turn their attention to Bitcoin, and other similar currencies, directly aiming to steal digital wallets.
He says DDoS attacks and web defacements will continue with more attacks against critical infrastructure on the internet, be it government sites or privately held industry targets, with some being deliberate, well thought out attacks, but many being attackers probing to see the possibilities.
"Targeted attacks have become a part of our lives, whether we're talking about espionage or sabotage, and if you are an entity with valuable IP/data, you'd better think twice about the security.
Talking about checking possibilities and hacking/cracking for fun, Malcho says Eset is seeing attempts to crack any smart devices and find weaknesses in their design and implementation. "This concerns any device you can connect to, such as SmartTVs, intelligent houses – alarm systems, devices – and so on.
The cloud and (dis)trust
Edward Snowden's revelations last year triggered a wave of distrust in cloud service providers, since it's not entirely certain who actually sees the data, Malcho says.
"We might be seeing more regulation coming into this area, however, that will hardly satisfy the clients' worries that certain authorities and institutions who are 'above the law' in a particular country have more access to their data than they would like," he says.
"Expect to see a strong interest in locally hosted, encrypted back-up and file storage in New Zealand," Malcho adds.
Devlin sounds an even darker warning on the cloud front. "2014 will be a year of cloud security issues. There are some big fat, juicy targets out there right now and the same exploits that affect a business can also affect a massive cloud provider.
"I further expect a lot of cloud providers to start going out of business, putting customer data at risk – it's expensive to set up the infrastructure for a cloud and, unless you get critical mass of customers quickly, the banks will start calling in the debts without regard for your data.
"When the hosting closes down, those customers who spent lots of time and money to move their data to the cloud might find it tough to rapidly move it back.