I had the opportunity to talk with Aleks Gostev, chief security expert for the global research & analysis team at Kaspersky Lab, about some of the current threat trends facing the enterprise today. Not surprisingly, the first thing he mentioned was mobile threats. BYOD, he said, is a huge problem for security officers, especially when dealing with the Android platform, because of the approximately 5,000 mobile Trojans discovered every week. And that security problem is doubled when you connect your PC to your Android device.
The second major threat facing enterprise, according to Gostev, is targeted attacks and how they’ve changed over the past few years. He said:
“We are seeing a lot more incidents in big corporations. A small team of hackers creating special, dedicated Trojans to attack one organization.”
What these hackers are able to do, Gostev explained, is learn the type of security being used in these organizations. Then, they create Trojans that are meant to work around that security so malware can be downloaded undetected. He wasn’t kidding when he said targeted attacks.
That led to us discussing something I’d been wondering about for a while. For many, both in enterprise and in personal use, the front line of data is antivirus (AV) software. I don’t know many who have gone beyond AV software on their personal devices; we often think that good AV software is enough. But as Gostev pointed out, with the rise of mobile threats and the sharing of information between devices, the risks are much greater. So I asked, is AV enough? Not anymore, Gostev said. Five years ago, AV would protect most of us from the biggest threats. Now we need to think in terms of security suites for protection.
AV is basic protection and still a critical part of the security solution, Gostev said, but other parts of the security suite should include:
- A good backup system—Hackers might erase or encrypt your data so that it can’t be used. According to Gostev, you want to perform regular backups to an offsite location so you have a recovery plan.
- Cryptography—Make sure you have and enforce a good policy for passwords.
- Whitelisting—Use only trusted software and prevent employees from downloading whatever they want.
- Incident management system—Provide a centralized system to analyze all devices accessing the network.
Hackers may spend $5 million to attack your system for your $10 million in assets and make a profit. The goal for enterprise is to raise the bar and make sure the hackers’ attacks aren’t cost-effective or profitable.