Recent revelations by National Security Agency (NSA) renegade contractor Edward Snowden have resulted in many businesses paying more attention to how secure their computer systems are. But even the most “cyber-savvy” businesses can have their computer networks hacked and compromised. Use this whitepaper to understand your threats, protective options, and trends in internet security for businesses.
Contents
Internet Security: A Large and Growing Problem
Threats to Internet Security for Businesses
Protecting Your Business From Internet Security Problems
Considerations When Hiring Internet Security Firms
Trends in Internet Security for Businesses
Business.com Checklist for Internet Security for Businesses
Glossary of Internet Security Terms
Internet Security: A Large and Growing Problem
Recent revelations by National Security Agency (NSA) renegade contractor
Edward Snowden have resulted in many businesses paying more attention
to how secure their computer systems are. It’s one thing to protect yourself
from hackers and thieves; it’s quite another to protect your data from being
intercepted and stored by government agencies.
News that the PRISM program operated by the NSA has access to Internet
traffic, including data and messages sent through Google, Yahoo, Microsoft
and other providers of free Internet applications and storage, has given many
businesses reason to double-check the security of their systems.
Even the most “cyber-savvy” businesses can have their computer networks
hacked and compromised. Companies in the business of Internet security itself
have been subject to embarrassing attacks. In 2011, according to The New York
Times, the website of ManTech International was hacked. ManTech is a $2.6
billion computer security company that held a major FBI security contract.
In a 2012 article on ZDNet, Ellyne Phneah reports that losses due to Internet
breaches are becoming significant. She quotes Jimmy Sng, partner of IT Risk
Consulting at PwC, who points out that losses result not only from direct theft,
but also from costs associated with crisis management, customer compensation,
lawsuits, and more.
It’s almost impossible to put a dollar figure on the true extent of business losses
from cyber crime, but some estimate the annual cost to be as high as $1 trillion.
A Pro Publica story from 2012 by Peter Maass and Megha Rajagopalan quoted
Gen. Keith Alexander, director of the National Security Administration, who
warned that cyber attacks are causing “the greatest transfer of wealth in history.”
He urged Congress to enact cyber security legislation, but the controversial
Cyber Intelligence Sharing and Protection Act, or CISPA, now before the U.S.
Senate, has drawn criticism from privacy advocates who contend the law
contains too few limits on the government’s ability to keep an eye on private
Internet use.
Nicole Blake Johnson writes in the Federal Times about the increased
significance of data breaches, citing a report by the nonprofit Cloud Security
Alliance, Notorious Nine: Cloud Computing Threats in 2013: “In 2010, data
breaches ranked fifth on the list of top threats. This year, data breaches rose to
the top of the list.”
Today, some aspect of almost any business is conducted using the Internet,
even if it’s simply sending email. The very nature of what makes the Internet
essential to business -- the ability to store, share, and analyze data quickly
among a multitude of users located almost anywhere -- also makes it
vulnerable to acts not only of mischief, but criminal intent from identity
thieves, corporate spies, disgruntled employees, and individual and group
hackers. Even if you think your computer is turned off or you aren’t using it,
any networked device is in constant communication with other devices and
networks, and is susceptible to being compromised.
Threats to Internet Security for Businesses
There are many different paths into a restricted computer or network.
Here is a list of the most common security breaches, and the methods
used to access, copy, change, or destroy private data.
Hacking: The actual meaning of “hack” is to deconstruct, debug, or tweak a
software program or file. While there are legitimate reasons to hack, the popular
use of the term implies at the minimum unauthorized access to a computer
system. Hacking can encompass attempts to guess an access code or password
to a site where one does not have authorized access. When hackers gain
unauthorized access to a network with malicious intent to do damage or defraud,
they often get other names, like crackers (criminal hackers), or attackers (as in
“cyber attacks”).
Phishing: Also called “brand spoofing” or “carding,” this is a play on the word
“fishing,” in which “bait” -- i.e., a seemingly legitimate invitation or request
-- is thrown out in hopes of hooking unsuspecting users to divulge personal
information. The bait is usually in the form of an email, leading to a “pharm” or
imposter website designed to get you to reveal a username, password, and/or
account number. A variation is “social” phishing, which is when someone calls on
the telephone pretending to be a customer service representative for a company
you do business with, who at some point requests private access info, such as
your password. Phishing happens on social networks, too, such as Facebook
and Twitter.
Pharming: Pharming is a form of hacking that involves the creation of counterfeit
websites that masquerade as real sites. The rogue sites encourage visitors to
enter usernames and passwords that are then used to gain unauthorized access
to bank accounts or other private accounts.
Keylogging: Also called “keyboard capture programs,” these programs record
keystrokes entered into a computer and often transmit a file containing those
key captures surreptitiously over the Internet. Keylogging is legitimately used by
companies to track employee performance, measure productivity, and create
training materials. But keyloggers can be used maliciously by hackers to gain
access to sensitive information such as passwords, credit card numbers,
bank account numbers, social security numbers, dates of birth, etc.
Trojan Horses, Viruses and Worms: During the Trojan War, the Greek army
hid soldiers inside a wooden horse, which was towed inside of Troy’s fortification
to open the gates to allow the surrounding army in to destroy the city. Similarly,
a Trojan horse is any software presented as useful that, once installed in the
system, proceeds to take it over or destroy it. Unlike viruses and worms, Trojan
horses are not self-replicating.
Viruses, like the pathogens that harm humans, are harmful code spread
across multiple connected computers through infected email
attachments, websites, flash drives, or other file-transfer mechanisms.
Worms, similar to viruses in that they are self-replicating, do not require user
interaction to spread and they don’t damage a system. What they do is siphon
the use of resources so as to slow down a system considerably, sometimes to
the point of shutting it off completely.
Backdoors: A backdoor is a separate way of accessing a system, often installed
by programmers to protect against not being paid for a job. The same backdoor
left by a programmer can be exploited by a hacker to allow remote control
of hardware or software, usually without the permission or knowledge of the
network’s owner. While there are legitimate reasons for installing backdoors (e.g.,
testing), they can be exploited to surreptitiously collect data and install spyware
or malware.
Bots and Botnets: An Internet robot is an automated program that works
without a human operator. Also called “webcrawlers” or “spiders,” bots can
secretly install spyware and malware, and are frequently used to carry out
remote attacks on a network. When bots are linked together, they form a “botnet”
network of bots, installed on multiple computers running identical malware and
collaborating on attacks.
Advanced Persistent Threats (APTs): A group of hackers (or the computers
they have taken over) collectively targeting a specific network weakness. This is
increasingly popular among criminal hackers. Growing use of APT requires new
and creative security responses.
Denial of Service (DoS) Attack: The “denial of service” attack is an attempt
to shut down an online service by flooding it with redundant requests, such as
continuously reloading a home page from thousands of different computers at the
same time. The result is that the site’s services are denied to authorized users, who
can’t get in. Site response times will often slow down with DoS attacks, which is
one way of detecting them. In some cases, DoS attacks can cause a site to crash.
Cookies: Cookies are files containing small amounts of data and instructions
typically used to customize a website to the user’s personal preferences. Cookies
identify the user as someone who has visited the site before. They are often
capable of retrieving a browser’s history and preferences, tracking the browser’s
movements through the site, and tracking the browser’s online activities after
leaving the site. Thus, cookies can be a threat to privacy as well as a tool to
make using the Internet faster and more personalized.
Adware: Pop-up windows or advertising banners that appear within a website’s
interface. While generally not malicious, adware can be pernicious and
annoying, and can, in fact, be used to transmit malicious code (malware) to
connected devices.
Drive-By Attacks: A “drive-by attack” is the installation of rogue software without
a user’s knowledge or consent. Drive-bys are usually accomplished when an
unsuspecting user clicks on a pop-up ad on a website. Sometimes the drive-by is
initiated by clicking the “close” box on the ad, so that attempting to close the pop-
up launches the attack.
Hijacking: These software programs alter browser settings or change a default
home page to some other site. If your browser is hijacked, it will take you to sites
you didn’t ask to see. An innocent example is a hotel’s Internet access page,
which appears when you attempt to access a site before consenting to the hotel’s
terms. Another form of hijacking is when a website -- or even just a homepage --
is taken over by hackers and redirected to another site or replaced with a bogus
homepage. Sometimes hackers hijack a site to make the fact that they cracked
the system undeniable -- forcing companies to admit that they were hacked.
Rogue Antispyware: Programs that pose as legitimate virus protection or
antispyware applications. The rogue program alerts you to a nonexistent problem
on your computer and triggers a pop-up ad offering to sell you an unneeded
product that supposedly fixes it. Neither the pop-ups nor the rogue software itself
are easily removed.
Protecting Your Business From Internet Security Problems
Some Internet security steps are relatively simple and can be
performed by the average, non-technical person. However, as the size
and complexity of a business grows, even these “routine” tasks must
be effectively managed to protect your data from compromise.
• Virus and spyware protection. Software programs installed on a
computer to protect against malware, which is unwittingly downloaded,
usually through email or a website, but sometimes through organized.
There are basically two kinds of malware:
  ◦ self-replicating computer viruses designed to spread infection
  throughout a computer network to either disrupt efficiency or outright
  disable functionality
  ◦ spyware that does not self-replicate, but rather is surreptitiously
  installed on a computer to monitor Web behavior, usually to collect
  data for advertising purposes
• Firewalls. A firewall prevents unauthorized access to a private network.
A firewall can involve hardware, software or both. Data received by a
private network from other public networks (such as the Internet, other
corporate intranets, an online email service, etc.) is screened according
to certain security criteria. If the criteria aren’t met, the data is blocked
from the private network.
Firewalls have two main uses: 1) they prevent network users from accessing
inappropriate websites, such as sites containing pornography, illegal content,
or inappropriate content; 2) they prevent network users from receiving
solicitations from senders or sites that are known offenders of network rules.
While firewalls are effective against unsophisticated hacking that depends
in large part on duping legitimate network users into revealing access
information, knowledgeable hackers can breach most firewalls.
• Passwords and Email Security. Just about everything is password-
protected, from your computer to the websites you visit. There are certain
standards for ensuring passwords are not easily compromised (e.g., they
must include certain combinations of upper and lower alphanumeric
characters that are not easily guessed). Most corporations typically require
users to change passwords regularly as an extra security precaution.
Good security software or services can help automate the process of
password selection, changing, and verification.
Another aspect of password security is education, making sure users do
not divulge their passwords or other confidential information in emails,
over the phone, on social networks, or in other seemingly innocent
exchanges. Certain emails regularly circulate that contain malware
attachments; even opening the email without opening the attachment can
contaminate not only the user’s computer and the immediate network, but
the computer and network of every contact ever made through that user’s
email program. Periodic alerts warn users to immediately delete such
suspected email malware.
• Mobile Security. The growing popularity and prevalence of mobile
applications raise a host of security issues. Faster network connections,
more remote and mobile users using a variety of laptop, iPhone, iPad,
and Android platforms all require new, more complex solutions to protect
network integrity.
Considerations When Hiring Internet Security Firms
An Internet security firm can perform all of the following
functions on behalf of your employees: notifying them of automatic
downloads, performing security system updates, managing password
authorizations, and training employees to be aware of phishing tactics.
However, these aren’t specialized skill sets and could just as easily be provided
by your regular IT staff. What Internet security firms specialize in is the proactive
testing of a company’s network to determine vulnerabilities by which hackers
could gain unauthorized access to exploit and damage your operations. In
addition to scanning and correcting the identified vulnerabilities on either an
ad hoc or subscription basis, Internet security firms offer a range of packaged
solutions and services, such as:
• Email hosting, with filters to detect and quarantine viruses, spam,
spyware, malware, and other prohibited content.
• Encryption, the ability to scramble information being transmitted in a
way that can only be read by the intended receiver -- or someone who
possesses a key to decode the transmission. Good encryption practices
require additional effort to properly integrate encryption with other layers of
network security.
• Firewall filtering to define and limit network user access to prohibited sites
while ensuring safe Web browsing and social media use.
• Data protection that monitors employee external communications
to external and internal networks and quarantines suspicious or
unauthorized activity.
• Email archiving to automatically back up and store employee email
communications. For some organizations, email archiving is required by
law. For others, the ability to search throughout an organization’s emails
can lead to insights into what drives an organization and what erodes it.
• Cloud services with hosted networks where your company data is stored
on huge and multiply redundant servers at remote locations accessed
with a Web dashboard or interface. Cloud services offer scalability,
higher security, and easier maintenance and provisioning. Cloud services,
while growing in popularity and touted as more secure than on-site
hosted networks, nonetheless introduce new access points with potential
vulnerability. They have shifted the emphasis of computer security efforts
from local networks to Web-server and Web-application protection.
• Alert services via email, text message, Twitter, chat, or RSS feed. These
alerts notify users that a security monitor has been triggered and specify
appropriate response actions.
• Elasticity, which is the ability of the network to integrate with cell
networks, wireless access points, remote locations and cloud services.
Effective security solutions must address rapidly evolving changes
in network size and scope. An Internet security provider can usually
accommodate multiple interfaces while ensuring accurate configurations
throughout the infrastructure.
• Employee compliance monitoring for best practices in protecting
network integrity.
• Actionable intelligence and insights about malware and other
questionable activity on the network.
Trends in Internet Security for Businesses
• BYOD (Bring Your Own Device). Corporate IT departments once strictly
controlled employee hardware (remember when the only corporate cell
phone was a Blackberry?). However, particularly for mobile devices,
employees more frequently are allowed, and expect, to use their own
consumer devices within the corporate network. Consequently, network
security must encompass and coordinate a range of security levels
that address multiple kinds of devices using multiple operating systems
and platforms.
• New IPv6 Internet protocol institutes fundamental changes that require
additional security steps. The current standard -- IPv4 -- uses 32-bit
addresses for every device connected to the Internet. The new IPv6
standard uses 128-bit addressing. The shift is necessary due to the
exploding number of devices connected to the Internet. While 128-bit
addressing should enable greater security, it’s not compatible with IPv4,
meaning security experts will have to juggle both protocols.
• Emerging Web standards such as HTML5 also involve new strategies
to protect against potential security breaches. One particular feature
of HTML5 is geo-location, which can be exploited to place users and
equipment at specific times and places, which has a myriad of security,
privacy, and legal implications that are just beginning to be addressed.
• Mac Attack. Yes, Macs are not affected by most malware, since it is written
primarily for Windows, which remains the dominant corporate operating
system platform. And while Mac software has a well-deserved reputation for
smart security, there is no such thing as invulnerability. Unfortunately, this
lures many Mac users into thinking they don’t need to worry about viruses,
despite the threat that was posed by the 2012 Mac-focused Flashback
virus. While Macs may represent only a small portion of corporate users,
the fact that these users aren’t accustomed to worrying about malware
presents a growing possible entry point for a malware outbreak.
• Similarly, while Windows 8 has not been widely adopted by many
corporate IT departments, users who connect to corporate networks with
Windows 8 computers may represent a security risk due to new firmware that
is attracting hacker interest.
• Internet Devices are multiplying. Beyond smartphones, tablet computers,
and e-readers, there is an advancing army of Internet-connected devices
coming that will challenge the capabilities of any Internet security system.
The list includes wearable computers, such as Internet-connected
eyeglasses, health monitors and smart watches. Then there are machines
that don’t need humans, like self-driving cars, smart thermostats, and
remote-control flying objects. And then there are devices implanted into
people, such as pacemakers and medication regulators. It’s a serious
security problem if someone can gain unauthorized access to a device
inside your body!
Business.com Checklist for Internet Security for Businesses
My Needs | Vendor 1 | Vendor 2
Network Security Scanning
• Initial scan
• Subscription
• Ad hoc
Scan Scheduling
• Running continually in background
• Memory scan on program startup
• On-access each time file or folder is opened
• On-demand
• Entire disk/selected files or folders
• Scheduled
Network Security Services
• Detection and removal of malware (cleaning)
• Virus/spyware protection
• Email hosting
• Spam protection
• Email archiving
• Firewall filtering
• Backup data protection and recovery
• Real-time monitoring
• 24/7 monitoring
Update intervals
• Daily
• Incremental, as required
• User-configurable
Devices Supported
• Private servers
• Workstations
• Desktop/Laptop
• Tablet computers
• Smartphones
• Other devices
Support
• Toll-free 24/7 telephone
• 24/7 online chat
• Security alerts
• Video tutorials
• Training
• Compliance audits
Pricing
• Per user charges
• Per device charges
• Per installation charges
• Monthly cost
• Quarterly cost
• Annual cost
• Incremental, as required
Glossary of Internet Security Terms
ActiveX Controls: Links to a Web-embedded object, such
as a table or mouse click button; can help users navigate
to the information they want, but they also can be pirated
to download spyware. ActiveX controls can be restricted to
“trusted,” preapproved websites only.
Bot: An Internet robot; an automated program that works
without a human operator.
Botnet: Network of bots installed on multiple computers
capable of being activated or used by one central controller.
Cookies: Small files implanted by websites on computers
to enable such services as customization, personalization,
and location-based recommendations. Cookies are often
used by websites to track visitor actions online without
direct consent.
Cracker: A hacker engaged in criminal behavior. While all
hacking could be considered criminal because it involves
gaining unauthorized access to networks, crackers engage
in hacking with criminal intent. That is, they are hacking for
the purpose of stealing, destroying, or altering data.
Spoof: A fake Web or email address very similar to a
legitimate site such as a bank or credit card company.
Victims who respond to the fake address are prompted to
divulge personal information, frequently under the guise of
ensuring security.
Zero-Day Exploit: Software and security vendors regularly
announce vulnerabilities and release patches to fix the
problem. Such “zero-day” announcements are prime
opportunities for hackers to exploit the announced flaws
before users have the opportunity to install the fix.