Mobile Security Threats and Malware Increased in Q4 2010
Cyber criminals are keeping tabs on what's popular, and what will have the biggest impact from the smallest effort.
Most IT systems today are infected with some type of malware to one degree or another. But unless some piece of security software brings it to the attention of the IT department, it can sit on our systems for years. The problem with just leaving it there, however, is that malware is increasingly being employed to attack other systems. So every time malware is undiscovered, the owner of that system is an unwitting accomplice to a crime being perpetrated on another system.
The question you then have to ask is how long will it be before someone is held liable for not cleaning up a system that was maliciously used to harm someone else? Obviously, the owner of that system is not directly guilty of that crime. But not proactively protecting your system from malware that is being used to harm someone else could be considered reckless in this digital day and age. So how long might it be before some lawyer tries to test the limits of the definition of reckless disregard by suing somebody for not protecting their systems from being compromised by a botnet? Businesses, in fact, are already starting to add base-level security requirements in contracts that involve partnering with an outside entity.
There really is no good excuse for not cleaning up your systems, especially when you consider how many tools there are to discover malware. For example, Trusteer launched a cloud computing service this week, called Pinpoint, that doesn't require any software to be installed in order to determine the probability that a system is infected. According to Yaron Dycian, vice president of products for Trusteer, the service remotely inventories what software and hardware are installed on the system, checks that information in real time against a database of malware maintained by Trusteer and prevents the machine from logging on to the network if it senses that there is a high probability that the machine is infected. The service is going to particularly useful, says Dycian, in a mobile computing age where IT organizations never know where a system has been when it is off the corporate network.
In just the same way that people are expected to not deliberately pass on communicable diseases, IT organizations should be expected to keep their systems healthy. But too many IT organizations don't proactively go looking for malware, which is roughly equivalent to refusing to go to the doctor because you're afraid they might discover you actually have something. It used to be that thoroughly checking every system for malware was a time-consuming task. But now that there are remote cloud computing services that will automate that process, there's really no reason systems should be infected with malware for long periods of time. Malware will never go away, but the process through which we manage its removal is getting a whole lot better. So don't be surprised one day when a court issues a ruling that basically says companies are behaving recklessly when they fail to regularly cleanse their systems of known threats.