The two-button mouse has been around for many years but I still remember discovering what the right button was capable of – and how much additional functionality it provided.
And so it was with the aptly-named “Right Click” seminars, hosted earlier this year by the Chambers of Commerce in Christchurch, Hamilton and Auckland. I picked up a great deal of new knowledge about technology and how it can help meet business objectives.
The theme for the latest round of seminars (they are held three times a year) was IT security and how new technology is helping win the fight against malicious attacks from both within and outside an organisation.
Local experts from Microsoft, hp and Symantec, in the form of Jan Ferguson, Warwick Grey and Rogan Mallon respectively, outlined the threats and how each of their companies is addressing them.
Grey reported on an Australian survey published in Reseller News last March, which reveals that 60 percent of information loss is related to lost or stolen notebook computers and 25 percent is related to network intrusion. According to the survey many thousands of PCs per day are being recruited into secret networks (bot networks) that spread spam and viruses, and 75 percent of owners of Australian small and medium sized businesses are more concerned about internal threats than external ones.
Ferguson then profiled the new breed of hacker, who is using new techniques (such as phishing) for personal financial gain. The stereotypical computer geeks tucked away in darkened rooms out to wreak mayhem are morphing into more sophisticated operators.
Spammers know when they’re onto a good thing – so many are switching to the more lucrative phishing market. However, Microsoft is targeting this growing threat with the upcoming release of its Internet Explorer Version 7.0, which has no less than three checks to protect users from phishing scams. First, it compares a website with a local list of known legitimate sites and then it scans the site for characteristics common to phishing sites. Finally, it double checks the site with Microsoft’s online service of reported phishing sites, which is updated several times every hour.
IE Version 7.0 will also provide two levels of warning and protection in the security status bar. Level one signals a suspicious site and the second level confirms it is a phishing site and blocks it.
Keystroke logging and spyware were also covered at the event, and Symantec’s Rogan Mallon pointed out that many software licensing agreements, which we happily click our way through – who has time to read them? – often have buried somewhere words along the lines of “I agree to have spyware installed on my PC”.
Ferguson urges businesses to become more proactive in their approach to IT security – and while you can’t eliminate all the risks, you can minimise them through what she calls “immunisation”. This may require greater upfront investment, but Ferguson equates its importance to investing in customer satisfaction initiatives.
Her final point to attendees was to get a regular IT health check from a reputable IT support partner, and even if you’re a small company, appoint someone on staff who’s responsible for security.
The extent of cyber-crime was made very clear by Mallon – and he had the figures to prove it. He was quick to instil confidence in his company’s Internet Security Threat Report. This report’s strength is the extent of its data sourcing, which happens to include more than two million decoy accounts set up deliberately by Symantec to attract spam and phishing email. He recommends the Symantec Internet Threat Meter as a good site for getting your head around the risks and vulnerabilities and what to do about them.
This year and beyond he’s predicting an increase in malicious code with stealth capabilities, with much of it delivered through instant messaging. And look for a rise in bots and bot networks – collections of computers that have been compromised by software specifically designed to create a network of systems for attack.
Mallon’s best practice approach for businesses is to:
• Use an internet security solution that combines antivirus, firewall, intrusion detection and vulnerability management.
• Make sure security patches are up to date.
• Ensure that passwords are a mix of letters and numbers. Do not use dictionary words and change passwords often.
• Never view, open or execute any email attachment unless it is expected and its purpose known.
• Update protection software regularly (such as antivirus definitions).
Finally, hp’s Warwick Grey recommends building security management into business plans. His company is hot on multifactor authentication for desktop and notebook PCs. This is not just relying on a single password to access systems, but a combination of smartcards with PIN numbers and even biometrics (fingerprint) authentication.
Glenn Baker is a regular contributor to Management.