Sunday Business Post - IT Security Supplement - Feb 18, 2007
Email threats to Irish business are becoming more sophisticated. Spam and phishing scams continue to cause concern, but blended threats, including downloaders, Trojans, spyware and key loggers, are also on the rise.
“It used to be just advertisements for Viagra and that type of thing, but people are really trying to profit directly from it now, for instance by getting your bank details,” said Eoin Goulding, MD of Integrity Solutions. “There are criminal organisations out there working fulltime to work out ways to get access to passwords and usernames.”
Traditional viruses attacked a machine or network and shut it down completely. They deleted system or data files, often requiring a full reinstall applications and programmes on all machines. However, the new generation of threats can do much more damage.
A key logger is a piece of software which can enter your network via an innocent looking email. It then proceeds to steal vital information about the business.
“If an employee is doing an ordinary online bank enquiry, inputting information can be intercepted and sent on somewhere else,” said Michael Conway, director of Renaissance Contingency Services.
Malware and trojans can take over a PC or server, and proceed to download malicious content or sending emails to everyone in an address book. Other viruses are merely hoaxes, which waste time for both office PC users and IT support staff.
These attacks take advantage of the fact that all Irish businesses, even the smallest, now use e-mail as a key business resource.
“Everyone has e-mail now,” said Dermot Williams, MD of Topsec Technology. “It is just standard, if you are in business you have an email address.”
Companies who have public email addresses – for instance info@, mail@ or sales@ accounts – are especially vulnerable to attacks. Automated programmes constantly scan the internet, harvesting these addresses.
“If your e-mail address is easily found out there, it is going to end up in the spam lists and it is going to be spammed very heavily and very aggressively,” said Conway. “A huge proportion of what is going around needs to be managed, up to 70 or 80 per cent.”
One way companies can protect themselves is by installing a gateway e-mail protection solution, which checks all incoming email before it is allowed into your internal IT system.
“This allows people to put in a very good security presence,” said Williams. “The gateway email security solution will be able to examine the content of messages coming in and spot all the different types of threat.”
With new email threats being developed and discovered each day, email monitoring systems must be constantly updated. Most software packages will now automatically update themselves using the Internet. However, they still need to be manually supervised.
With a gateway system IT staff do not have to check each individual machine each day to ensure all is secure. However, a gateway solution will not offer 100 per cent protection, as it cannot monitor incoming mail, or threats which enter your organisation in other ways, such as via USB drives or mobile devices.
For total security from email threats a company needs a presence on each individual machine in their organisation.
Conway puts the cost of implementation for an organisation of 12 to 15 users at about €1,000, depending on extra requirements such as mobile staff or an open network.
A large number of Irish businesses now rely on e-mail lists as a key business and marketing tool. Solutions must be able to strictly monitor outgoing mail to ensure that it is not propagating a virus or sending out inappropriate material to clients or customers.
“Your whole e-mail list could be compromised and people could be using you as a relay for sending out spam e-mails,” said Conway.
Failing to put in place adequate protection against e-mail borne threats can be particularly troublesome for SMEs. Just one rogue email getting through can spell disaster.
“It can just bring down your whole network, and your staff can be without access for days,” said Goulding. “It can really damage your whole business.”
Even where spam does not do huge damage to a company, dealing with the problem on a manual basis can eat into resources. Excessive incoming mails can waste bandwidth and slow down your internet connection. Time spent scanning through spam to find important e-mails is also time lost.
Spam and malicious messages are not the only e-mail security threat facing companies.
Solutions can monitor outgoing e-mail to ensure that their staff do not use their email systems to spread sensitive data or information.“For example I might decide to send myself, or a colleague or a friend, client details or a price list,” said Conway.
No comments:
Post a Comment