Despite the increasing number of security threats targeting businesses, few companies are adequately protected against all security threats.
“However, with the right security awareness and a good investment in appropriate security technologies, any company should be able to make significant progress towards a secure infrastructure,” says Simon Leech, TippingPoint technical director for EMEA.
Leech will examine information security-related threats of the future during ITWeb's fifth annual Security Summit, which will be hosted at the Sandton Convention Centre from 11 to 13 May.
“While the IT world has done a fairly good job with putting patch management infrastructures into place to deal with operating system vulnerabilities, we are starting to see more application-level vulnerabilities surfacing.
“Unfortunately, the application vulnerabilities are slower to get patched, both by vendors and users, and this leaves computers vulnerable to attack. Attackers use these vulnerabilities to aid client-side exploitation and distribution of malware.”
Leech explains that cyber criminals are turning to Web application attacks as well as exploiting social networks. He adds that two-thirds of all discovered application vulnerabilities are found in Web-based applications. Hackers are using techniques such as SQL injection and cross-site scripting to deface Web sites and break into databases.
Leech adds that Web services and software-as-a-service sites are under increased attack. This is evident from the recent attacks on Web-based services Gmail, Salesforce.com and Twitter.
According to a security report released in September last year by TippingPoint and Qualys, the number of cyber attacks has increased. They have also become so sophisticated that many organisations are having trouble determining which new threats and vulnerabilities pose the greatest risk, and how resources should be allocated to deal with the most damaging attacks.
Leech warns there is no such thing as a completely secure network. He points out that a company needs to critically look at its network through the eyes of a potential hacker and try to determine how a hacker might infiltrate the organisation's defences.
Leech says companies should be allocating security spend to Web application security, virtualisation security and security awareness training for users.
With only 41 days to go until the kick-off of the Fifa World Cup, cyber criminals will be preying on football fans looking for information regarding the major sporting event.
“There will most likely be an abundance of malware disguised as useful applications or screensavers relating to the World Cup. This will be distributed via cyber criminals using search engine optimisation techniques to populate major search engines with malicious links when fans type in World Cup search terms.”
Leech adds that Web sites providing Fifa World Cup services, such as ticketing sales, betting sites and sports sites, may become subject to targeted hacks, extortion or DDoS attacks, and in some cases could be held to ransom.