Underinvestment exposes end-point security

By

A lack of investment in end-user application security has left users open to attack, according to a group of security experts..


"End-points are a data repository and they need to be protected. It is an area of underinvestment today," said Richard Reiner, chief security and technology officer at Assurent Secure Intelligence.

Speaking at last week's NetEvents symposium in Barcelona, Reiner warned that this is more important today, as end-points are becoming a primary focus of attack.

"Just under 50 per cent of the security holes that are exploited are on the end-point," he said.

"And they are in software products that you would not think could be attacked, like web browsers and word processors."

Joshua Corman, principal security strategist at IBM, suggested that the danger had increased because attacks are no longer purely ego driven and are motivated by "profit, politics and prestige".

Corman pointed to the Storm worm as an example of today's profit-motivated attacks.

"Storm is enjoying tremendous financial success because it uses malicious code activity on end-points as a source of revenue generation to send spam," he said. "They are making millions and millions of dollars every day."

Reiner added that the problem today is not so much network services, as these had lower rates of vulnerability.

"A lot of the low-hanging fruit has been picked off by the black hats out there," he said.

"There are a much larger number of desktop products than server products. They do not tend to have been reviewed well from a security perspective, and they tend to have a much higher relative rate of vulnerability."

Reiner called for a change in security investment spending. "The end-point is not nearly so well protected today as it ought to be, given the actual distribution of risk," he said.

However, Corman maintained that the weak point is still the end user. "The success of Storm, for example, is a renaissance of social engineering and the one thing you cannot patch in is people," he said.

"There is no vulnerability whatsoever, but they are getting someone to download something and run it and taking advantage of the machine."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
exposessecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?