Journalist

Author Bio ▼

Hailey Lynne McKeefry has spent more than 23 years writing about technology and business. She began her career as an editor at such periodicals as Macintosh News, EBN, and Windows Magazine. After more than 16 years as a freelance journalist, she has written about a broad variety of technology topics, with a focus on security, storage, healthcare, and SMBs. Living in the heart of the Silicon Valley, Hailey has written for many top business-to-business publications and Websites including Information Week, CRN, eWeek, Channel Insider, Channel Pro, Redmond Channel Partner, Home Office Computing, and TechTarget. She graduated from the University of California at Santa Cruz with a BA in literature.
July 11, 2013

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Mid-Year Malware Update

In many ways, the malware landscape has remained business as usual, with new attacks taking an evolutionary rather then revolutionary turn.

“I don’t think that radical changes in the threat landscape happen that often,” Nick Levay, chief security officer for Bit9, told IFSEC Global in a recent conversation.”We’ve seen more espionage in cyberspace, though, and we continue to see more focus where actors are compromising individuals rather than technologies.”

In the fist half of the year, though, financial services and utility companies were tested, a trend that will continue. More than one third of all breaches affected financial organizations, according to the 2013 Data Breach Investigation Report from Verizon.

Attacks of all types are on the rise. There’s more cyber espionage and more corporate hacking, said Levay. Smaller organizations are being used as stepping stones to get to their larger and more influential partners.

At the same time, there is a higher level of sophistication in finding and stopping these nefarious actors. “There will be a lot more effort in prosecuting or attempting to prosecute espionage cases,” he added.

He points to a recent court case example of American Superconductor vs. Sinovel. Although not a cyber espionage case, the case entails an electronics component manufacturer suing its biggest customer for IP theft. “Depending on what happens, this may be cited as precedent in cyber cases,” said Levay. “Either way, one of the effects of these kinds of cases is that they will create a perception that there is more a risk of getting caught.”

These current realities point to a need for IT pros to stay alert and become more proactive. “As the enterprise gets good at protecting against one thing, the threats change to other things,” said Levay. “The trick for the security professional is to be on their toes and predict the changes in tactics that the adversaries will conduct.”

Going forward, organizations will need to focus on increased visibility into their networks and systems. “You cannot fight what you cannot see, so there’s going to be more investments in solutions that offer a real-time view into what’s going on both in the network and at the endpoint,” said Levay.

Let us know the biggest IT security trends you’ve seen. Then, get out your crystal ball and let us know what you think might be on the horizon.

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23
Subscribe
Notify of
guest
19 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
safeNsane
safeNsane
July 12, 2013 7:30 am

“Smaller organizations are being used as stepping stones to get to their larger and more influential partners.”
This makes me wonder if we’re going to see a change in the landscape when it comes to strategic partnerships, the contracts around them and the protections required.  I can imagine the beating a small company is going to take if one of their systems is compromised and leaks data from a larger partner.  Termination of that contract in many cases would mean the smaller company doesn’t survive.  I guess security through obscurity is fading away.

ITs_Hazel
ITs_Hazel
July 15, 2013 2:53 am
Reply to  safeNsane

Good point, SafenSane. Smaller firms used to be in the clear because they weren’t being targeted. This tact that hackers are taking, by targeting small firms so they can breach bigger ones, is clever and probably something that security IT people already saw coming.

safeNsane
safeNsane
July 15, 2013 8:02 am
Reply to  ITs_Hazel

Hopefully what happens is that we see some better communication between the partner companies.  I know I’ve been there before and had to write up rules for connections into our company and what we expected on the far side.  Then you have to hope both sides follow that framework.

JonathanL
JonathanL
July 15, 2013 11:17 am
Reply to  safeNsane

Small partner firms do make easier targets and can allow for an attack vector to breach a larger partner.  However I think as with any company looking to partner with another large or small there is a responsibility on both sides to look and evaluate and determine what is shared and how and the accountability for that data.  Just because you are partnered with a company does not mean you open the gates wide open to them.  Doing that is asking for trouble from the start.

safeNsane
safeNsane
July 16, 2013 7:20 am
Reply to  JonathanL

I’m not at all suggesting opening the gates but if you’re passing data between two companies then chances are it’s worth something.  Even a simple man in the middle attack that is scraping that data can be devastating.  It doesn’t have to be a big obvious leak or hole, all it takes is the right data being lost.

JonathanL
JonathanL
July 17, 2013 10:03 am
Reply to  safeNsane

Perhaps that was too broad a generalization but you get the idea.  A chain is only as strong as its weakest link and while we would never truly want any weak links I would prefer that if there had to be one that is was in a place I knew it was and could monitor and attempt to control rather than rely on someone else to take care of it.  

safeNsane
safeNsane
July 18, 2013 7:21 am
Reply to  JonathanL

That sounds much better.  The problem though is that even if the weak link is very specific and closely monitored it doesn’t mean that it’s not leaking data.  I worked for a mortgage company in the early 2000’s when the housing boom was in full swing.  We did a lot of information swapping with large banks.  There were all kinds of rules on both sides to regulate how data was sent, formatted and what pieces could be sent in one bundle.  Truth be told most of them were only good policies on paper because if someone were able to intercept… Read more »

Rob Ratcliff
Rob Ratcliff
July 18, 2013 10:57 am
Reply to  JonathanL

True, good point, I think. There’s always got to be a weak link somewhere, so identify it and monitor it.

SunitaT
SunitaT
July 23, 2013 8:13 am

I think Java and Flash last to be the most exploited software; and android the most abused mobile platform. Blackhole remains the most widely used exploit kit, with RedKit gaining ground this year. It all sounds much acquainted. But AppRiver does focus a couple of new trends. Firstly it notifies that mobile Android malware is getting classier with malware developers mimicking the methods already tried and tested in the PC world.

manshi
manshi
July 28, 2013 12:50 pm
Reply to  JonathanL

: Good and fair enough but how do you plan to monitor it ? It wont be that easy 

Rob Ratcliff
Rob Ratcliff
July 30, 2013 7:24 am
Reply to  SunitaT

We’re sure to see android malware getting more sophisticated as programmers become more familiar with the platform.

ITs_Hazel
ITs_Hazel
August 1, 2013 1:41 pm
Reply to  Rob Ratcliff

Your prediction is spot on, Rob. Definitely agree that this is probably what’s going to happen. To be honest, there’s already so much Android malware. I really do hope Google is working on this or is at least on the case.

ITs_Hazel
ITs_Hazel
August 1, 2013 1:42 pm
Reply to  SunitaT

Most of the malware I have encountered on the desktop have something to do with exploiting the vulnerabilities of Java and Flash. In fact, at one point, it made me question whether I really needed to have these two installed in my machine because it has become more like a liability.

manshi
manshi
August 19, 2013 12:25 am
Reply to  Rob Ratcliff

: True and that will lead to some sort of a market issue. When you have too much of users involved in doing research and development, things will go wrong for you in no time. There is a very thin line between the two in such scenarios. One bad move can turn the tables against you.        

Rob Ratcliff
Rob Ratcliff
August 19, 2013 5:57 am
Reply to  manshi

One, or several over a long period of time, perhaps?

Rob Ratcliff
Rob Ratcliff
August 19, 2013 5:59 am
Reply to  ITs_Hazel

Well that was what Jobs said, as well, right? Flash was the biggest cause of security problems and crashes, so he wanted rid of it. People said he was being rash, and questioned what the point was of a tablet that didn’t run Flash, but now Flash is pretty much gone…

JonathanL
JonathanL
August 22, 2013 9:52 am
Reply to  Rob Ratcliff

,
Do you think that Java will share the same fate as flash in the near future?  Earlier this year it went through a vulnerability scare and may organizations ended up disabling it across the board.  

Rob Ratcliff
Rob Ratcliff
August 22, 2013 12:20 pm
Reply to  JonathanL

In a nutshell: yes.

manshi
manshi
August 27, 2013 1:45 am
Reply to  JonathanL

@Jhonathan: I don’t think Java will die at any point since it has much more promise and future. I think most of the platforms do run based on Java.