Cyber Crime Keeping Pace with Prevention

MBA (6/18/2008 ) Palaparty, Vijay
Despite widespread firewall and anti-virus software use, organizations continue to report losses due to cyber crime. Keeping pace with threats, which become more complex and more targeted, involves implementing stronger firewalls for better network security.

"There’s a real change in how network security is constructed and in the network security landscape,” said Gregory Young, research vice president at Gartner Inc., Stamford, Conn. “As threats move up the stack, inspection has to move up the stack as well. There is demand for broader vision to look into higher levels of attacks.”
Young said organizations often suffer from complacency or change in priorities, presenting significant challenges to organizations' security areas. The San Francisco-based Computer Security Institute's 2007 Computer Crime and Security Survey reported an average loss of $350,424 per responding organization due to cyber crime—more than doubling from the $168,000 reported the year prior. Losses were high regardless of 98 percent of respondents reporting using anti-virus software and 97 percent reporting having a firewall in place.

“Security measures that organizations have taken against their attackers, such as the anti-virus and firewall components, are fundamentally imperfect,” the report said. “This is because much of the defensive posture of a typical organization relies on technologies that attempt to identify known, broadly distributed attacks that have easily recognizable patterns in them. This approach of looking for the signatures of known threats can often be highly practical, but over time developers of malware—viruses and their ilk—have been gradually increasing the sophistication of their methods and are arriving at points where it is possible to bypass an anti-virus package more or less at will, at least within a limited time frame.”

“The tide has turned and respondents have reported a significant upswing,” said Robert Richardson, director of CSI. “There are, no doubt, many causes. Within the enterprise, most respondents over the years thought their better security performance was real enough. Though, of course, a number of organizations continued to suffer catastrophic attacks and data breaches. A drop in losses was welcome evidence that the efforts put into cyber security were showing some return on investment. There is a strong suggestion in this year’s results that mounting threats are beginning to materialize as mounting losses.”

Threats constantly evolve as do the networks, Young said. He emphasized the necessity to build security for well-known threats but to also anticipate future threats such as targeted attacks.

“We’re seeing greater requirement for depth in network security," Young said. "The firewall—the edge of network—is the best place to catch crime and stop it. Organizations need increasing levels of depth and can’t rely on host-only protection. Unless there is perfect host security, you can’t prevent everything.”

Young said network security should be virtualized, despite challenges of breaking existing security architectures. He said whether firewall protection is imbedded in the network or hosted on a separate security control plane, goals and objectives should be clear.

“As more evasive attacks emerge, new technology has to keep pace,” Young said. “The network will always be the starting point for defending against new threats. Think about effectiveness first and then efficiency. Cyber criminals are more motivated by money now instead of just creating annoyances, which makes them a tough opponent.”

Infonetics Research, Campbell, Calif., reported that the current worldwide network security appliance and software market is down 4 percent from $1.3 billion in the fourth quarter 2007 to the first quarter this year. The report, Network Security Appliances and Software, indicates the North American market is down sequentially for the first time in four years—decreasing 7 percent in the first quarter. Other areas such as Asia Pacific, Europe/Middle East/Africa and Caribbean/Latin America reported smaller declines between 1 percent and 2 percent.

“Most network security vendors reported some slightly higher than normal sluggishness in North America, primarily among large customers, though most vendors reported that customers didn't plan to decrease spending overall, just delay it slightly," said Jeff Wilson, principal analyst for network security at Infonetics Research. "We project a return to very slight growth in the last three quarters of 2008, with stronger growth forecast in 2009."