Protection of company data and productivity are two major issues facing businesses today. Technology is evolving at an increasing rate and the rise of blended threats, together with the popularity of social networking, means security professionals face a tougher challenge than ever.
Currently, more than 88% of all email sent is either unwanted spam or malicious email, such as blended email attacks. Blended attacks use more than one avenue to break through the security gateways of ERP software systems to deliver malware viruses. Accounting for more than 176 billion messages per day, you can understand that this has become a serious and growing issue.
The latest type of blended threat to emerge is one that uses a powerful combination of email and web to deliver its payload and infect a user’s computer. The attacker sends an email message with an embedded URL link. The intrigued user then clicks on the URL link, which either prompts an immediate malware download, or redirects the user to a web page, where they are invited to download and subsequently install a crucial ‘update’, which inevitably turns out to be malware.
Web 2.0 is commonly associated with websites or web applications that facilitate interactive information sharing and collaboration online. A Web 2.0 site gives its users the ability to interact or collaborate with each other in a social media dialogue, as creators of user-generated content in a virtual community. This is in contrast to typical websites where users are limited to the passive viewing of static content that was created for them. As more and more activity, both personal and commercial, is carried out over the web, it has become a prime target for criminals.
The real problem posed by Web 2.0 is that it can lead to a false sense of security, because users assume that legitimate and reputable websites are safe. Many cyber criminals use Web 2.0 websites and this sense of legitimacy to enhance the success of their attacks or ‘requests for personal information’.
What can be done?
Organisations need to ensure they effectively manage all content passing through their system, to protect their public profi le and to safeguard the business’ bottom line. Due to the increased number and complexity of security threats, a single-solution approach is no longer feasible. Today, up to 90% of malicious code on the web resides on infected, yet legitimate websites and is typically obfuscated to evade traditional security solutions.
A Secure Web Gateway (SWG) provides the layered security required to keep hackers at bay. By using active, real-time code analysis technologies, malicious code embedded within web content (regardless of the URL source or reputation) can be identifi ed and malware blocked before it can reach end users.
The reseller’s role in threat management
End users may not need to constantly change their IT security or defence mechanisms, however resellers play an important role in reminding businesses to constantly evaluate the risks to their IT systems and ensure they are not lagging behind.
One of the areas that we regularly see as an issue for endusers is in understanding when to change or add products in their security protection mechanisms. Educating businesses about available vendor solutions to match specifi c infrastructure, risk profi les and future needs is one key area where resellers can best assist businesses.