Q&A: Current Security Threats
by Mirko Zorz - Wednesday, 21 January 2009.
Simon Heron is an Internet Security Analyst at Network Box, a managed security company, where he is responsible for developing the overall business strategy and growth. In this interview he discusses the current online security threats, the full disclosure of vulnerabilities as well as Network Box.

In your opinion, what are the biggest online security threats today?

In a recent survey by Network Box, 61 per cent of IT managers said that they thought the biggest threat to network security was from malware being downloaded from the Internet. That’s probably true – but another important threat is usually user-based, in other words, people not keeping their protection up to date, or clicking on bogus links, or even buying from spam.

I think there are two significant challenges we face. Firstly, how to combat spam. I saw a great quote by someone on Twitter, that said: “I cannot escape the feeling almost every email I get is spam. The annoying thing is much of it is spam I've signed up for”. This nicely sums up one of the biggest difficulties we face – you have to define spam in order to block it. The second challenge is the shift of the endpoint. More and more people work remotely; the lines between work and home are becoming more blurred, and this puts pressure on the security of a corporate network.

What do you see your clients most worried about?

Fraud seems the major concern. This ranges from ID fraud, to fraudulent websites, spoofed emails promising great profits and a myriad of other cons that are the daily fare of an end user’s experience. This is still being fed through spam but increasingly there are new ploys as criminals move to website infection of trusted sites to infect new victims. All this despite the fact that the returns for a phisher or even spammer are appearing to be ever thinner. This menace is threatening the success of e-commerce and we need an international effort in these grim times to fight this crime.

What's your take on the full disclosure of vulnerabilities?

This is a painful but necessary process. It requires that immediate action is taken to address those vulnerabilities, alerting people to what has been exposed and addressing customers’ problems. It ensures customers can take corrective action, it forces a fast recovery programme and it helps others not to make the same mistake. None of this is popular with providers of the services that have been shown as vulnerable.

Based on the feedback you get from your clients, are there more internal or external security breaches?

I think there are more external threats, but probably more internal breaches. When McColo was taken down, we saw an immediate decrease in the volume of both spam and malware, which shows the impact these sorts of organised criminals can have. Not for long – it was back up and running pretty quickly. But there is still a significant threat from insiders – and not always intentionally: often people download malware without realising it. I imagine that with the number of layoffs we’re seeing, and everyone having to tighten their belts a bit, that there will be an increase in financial scams.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.
