Skip to content
Hays - Recruiting experts worldwide
  1. I am
    I am
Browse by expertise

Emerging IT trends create online security issues

By now, business leaders should be well aware of the risks associated with internet activity. They should also recognise that IT security threats will not be going away any time soon. As evidenced by a recent Symantec study, the number of online attacks continues to increase as more businesses and consumers head online. The firm reported a 93 per cent rise in the number of recorded online attacks during 2010, with 286 million new threats emerging over the course of the year.

But it is not just the sheer volumes of malware that should be of concern to business organisations. The Symantec report said that as the frequency of targeted attacks increased, so did the sophistication. Fraudsters are using the technology resources available to them to develop new techniques to target end users. They have adopted new tactics, and this has created difficulties for the IT security industry in keeping up.

Symantec explained that one of the primary attack techniques used on social networking sites involved the use of shortened URLs. Since these are legitimately used to share a link in an email or on a web page, malicious internet users sought to prey on peoples' trusting nature. Attackers used the news-feed capabilities provided by networking sites to mass-distribute attacks - posting shortened links to malicious websites in status updates on compromised accounts.

The technique proved relatively successful. The links quickly spread around user's friends, enabling hundreds - even thousands - of potential victims to be targeted in an instant. Some 65 per cent of malicious links in news feeds observed by Symantec last year used shortened URLs. Of these, 73 per cent were clicked 11 times or more, with 33 per cent receiving between 11 and 50 clicks.

Another way criminals targeted internet users last year was via attack toolkits - software programs which can launch widespread attacks on networked computers. Symantec explained that these kits target vulnerabilities in the popular Java system, which accounted for 17 per cent of all weaknesses affecting browser plug-ins in 2010. As a popular cross-browser, multi-platform technology, Java is an obvious and appealing target for attackers, and users must be aware of the potential risks. Around two-thirds of online attacks in 2010 could be attributed to these toolkits, with Phoenix in particular wreaking havoc for IT users.

Given that an increasing number of professionals choose to work remotely using mobile devices, it is hardly surprising that hackers also focused more of their attention on this segment of the market last year. The majority of malware attacks against mobile devices took the form of Trojan Horse programs posing as legitimate applications. Attackers inserted malicious code into existing legitimate applications and then distributed these tainted applications via public app stores, increasing exposure to the malware.

But why exactly did the number of online attacks rise so significantly last year? According to Con Mallon, director of regional product marketing at Norton, the simple answer is that the activity is "worthwhile" to people with criminal intent. "Obviously people can make money from this and they can exploit things," he stated. Mr Mallon said the malware statistics are being driven by money, and this has been the case for a number of years. By attacking individual consumers, fraudsters can get their hands on credit card information and banking details. And by targeting business accounts, they may be able to access intellectual property and other information which gives them a competitive advantage.

Automation has certainly contributed to the significant increase in malware. As Mr Mallon explained, the development of toolkits has made it relatively straightforward for people to launch malware attacks. This is encouraging more people with advanced IT skills to be tempted by illegal activity, he suggested. "Secondly, the toolkits themselves are becoming more skilled at creating new variants or specific variants of malware," Mr Mallon added.

Businesses need to ensure their employees understand the risks posed by malware and take all reasonable precautions to protect confidential information. Education about the risks faced in the online environment can be an important weapon against hackers, so employers should ensure their staff are fully trained and can recognise the warning signs. Data loss can cost businesses money, and cause major reputational damage, so organisations should be as proactive as possible in managing the risks they face.