Gartner has advised businesses to plan for five increasingly prevalent cyber threats that have the potential to inflict significant damage on organisations during the next two years. They include:
Targeted Threats
Identity Theft
Spyware
Social Engineering
Viruses
Gartner previewed its 2006 Cyber threats Hype Cycle (see figure 1) at the company’s Information Security Summit in London. The hype cycle assesses the initial awareness, maturity, impact and market penetration of 35 IT security threats during the next ten years.
According to Amrit Williams, research director at Gartner, “We are seeing an increasingly hostile environment fuelled by financially motivated and targeted cyber attacks. By 2008 we expect that 40 percent of organisations will be targeted by financially motivated cyber crime.”
Mr Williams added, “Cyber attacks are not new, but what is changing is the motivation behind them. They are no longer just executed by hackers for hobby or cybervandalism, but by professionals with a targeted aim at one person, one company or one industry. For example, we have recently seen several companies hiring private investigators to spy on their competitors. Private investigators used Trojans to install targeted spyware on competitors’ computers to gather confidential information about such things as upcoming bids and customers.”
Gartner said that social engineering and viruses would remain an everyday nuisance for chief information security officers through 2009. It warned that in the next two years, at least 50 percent of organisations would experience a social engineering or a virus attack.
Targeted Threats
They are cyber attacks with a financial motivation that are aimed at one company or one industry. They lead to the exposure of customer sensitive data, damage to corporate reputations and potential lawsuits. Gartner urged organisations to incorporate penetration testing into vulnerability management processes and investigate more-aggressive intrusion detection and protection approaches that move beyond threat-signature-based approaches. It also advised companies to evaluate managed security services when internal capabilities are not available or sufficient for advanced security activities.
Identity Theft
It refers to the theft of an individual's personal or financial information for the purpose of stealing money or committing other types of crimes. A Gartner survey conducted in North America last year found that organisations considered identity theft to be the third most critical security threat to their organisation. Although the number of victims has stayed relatively stable, defences are poor and regulators around the world, especially in the banking segment, are driving more protective measures. Gartner advised organisations to combine fraud detection with user authentication and transaction verification to ensure that user authentication methods are matched to the risk of the transaction environment. Data must also be protected using a variety of complementary measures, including strong access controls, encryption or masking where feasible, and database activity monitoring.
Spyware
It is malicious software that can probe systems, reporting user behaviour to an advertiser or other party without the user’s knowledge. This continues to be a disruption as it can be used to send confidential information to unauthorised persons without the knowledge or consent of an e-mail user. Gartner predicts that by 2008, 20 to 50 percent of organisations will experience a spyware attack. Gartner advised organisations to ask their existing desktop security vendor to provide an integrated anti-spyware solution. They should also use their gateway and network security devices to provide anti-spyware capabilities in the network, a strategy that has proved effective in the fight against viruses and Spam.
Social Engineering
It is the practice of obtaining confidential information by manipulating legitimate users. The simplest, but still effective, attack is to trick a user into thinking he or she is dealing with an administrator requesting a password, or into revealing other sensitive information. While this threat is well understood, it continues to be problematic because it requires human countermeasures. Defence against social engineering relies on deploying consistent security policies and practices that include educational and clear reporting programmes as well as appropriate technology management. For example, to minimise the risk of sending confidential corporate documents or trade secrets to inappropriate recipients, organisations should use content monitoring and filtering tools. To limit what a successful attacker can get access to, they should enforce the principle of least privilege when assigning access rights.
Viruses
They are malicious programmes that use a propagation method to enable widespread distribution. Viruses are becoming more malicious and their effects could ultimately impact data or network integrity and security, e-mail privacy, and a corporation's reputation. Viruses can ultimately cause direct loss of money. Gartner said that organisations should continue to deploy signature-based antivirus software, but they should also improve patching configuration and vulnerability detection techniques to harden PCs against popular viruses. In addition, users should pressure their incumbent antivirus vendors to provide non-signature protection, or they should switch to vendors that offer this capability.
Mr Williams said that organisations must not underestimate the lasting damage caused by traditional threats such as denial of service or Spam, or cyber attacks that have become an everyday nuisance such as phishing. “Phishers are now going after lesser-known brands and are starting to combine phishing and spyware attacks,” said Mr. Williams.
“Although the volume of Spam has begun to level off, Spam is a continuous highly visible and annoying problem for organisations. 40 to 70 percent of global organisations’ incoming e-mail is Spam, and this figure could reach 80 percent if organisations do not block Spam at the gateway.”
Looking ahead to the next five to ten years, Gartner highlighted the ‘rootkit’ as one of the threats with potentially the most damaging impact. A rootkit is a modified system file, such as a Windows dynamic link library (Windows DLL), or a collection of files that attackers use to replace desktop or server system files to gain undetected administrative access to the system. This enables the hacker to perform any function that a local administrator could.
“Rootkits represent an increasing threat to companies worldwide, and they are becoming more difficult to detect and prevent. Organisations need to be able to prevent, detect and remove infections. However, once a host has been compromised, it can be difficult to detect a rootkit as it conceals itself as a normal system file, which differentiates it from other threats,” concluded Mr Williams.