iTnews
  • Home
  • Features
  • Technology
  • Security

Fighting the new face of cybercrime

By Brad Newton on Jun 3, 2010 5:06PM
Fighting the new face of cybercrime

Cybercrime has become more sophisticated, but there are ways to harden up your company's defences, as Symantec's Brad Newton explains.

Businesses are being confronted by a new breed of profit-hungry cyber criminals, focused on accessing confidential data and intellectual property for financial gain. Cybercrime is no longer an issue of showmanship, perpetrated by hackers keen to disrupt IT systems. It has become a serious business and today's cybercriminals have become exceedingly efficient in their plans to access and exploit business critical information.

More feared than terrorism
The recent Hydraq attacks highlight the targeted nature of today's threats, designed specifically to steal confidential information.  According to a recent report into worldwide cybercrime trends, 60 percent of identities exposed in 2009 were compromised by hacking attacks.  In addition, according to a broad study of large organisations, 90 per cent of Australian and New Zealand enterprises have fallen victim to cyber attacks in the last year.

Enterprises are very aware of the risks of cybercrime with 43 percent of Australian and New Zealand (ANZ) organisations rating it as their top business concern. This threat was ranked higher than natural disasters, terrorism and traditional crime combined.

Protecting business critical information from cybercriminals is complicated due to a number of factors. Firstly, the pace of information growth is accelerating, IT infrastructures are expanding and new computing platforms are being adopted. At the same time, the workforce is becoming more mobile. Employees are accessing and sharing company information at home and on the road, leaving companies more vulnerable to the risk of data loss. It is clear that, in this environment, security professionals have more to manage than ever before.

A three-point plan
To protect themselves effectively, businesses now require a focus on security continuity that allows them to continuously respond to internal and external changes.

First, businesses need to take a risk-based and policy-driven approach to security. Information growth continues to expand exponentially. It would be too costly and inefficient to try and secure everything, so businesses should focus on their critical data and assets only. Today's attacks by cybercriminals and insiders alike often take advantage of weak IT policies that expose information. Companies need more comprehensive and effective policies to control who and what has access to information and infrastructure. 

Second, companies should take an information-centric approach to security. Businesses need to know where their important information assets are and who has access to them. And if a company doesn't have a good handle on where their important information is, then they are at risk. It's not only important, however, to know where your information is. You must also make sure that the right things happen as that information flows both within the company, and to and from the company.

Finally, companies need to operationalise their infrastructure management through standardisation, workflow and automation. A well-managed infrastructure will ultimately result in a better-protected infrastructure and a safer online working environment.

Protecting key vulnerabilities
Research has shown that cybercriminals are targeting four key areas of weakness that are putting business environments at risk: poorly-enforced IT policies, poorly-protected information, poorly-managed systems, and poorly-protected infrastructure. 

So how can businesses manage the four key areas of weakness and focus on protection that matters? The following tips provide a good starting point.

  • Develop and enforce IT policies, and automate risk management and compliance processes.By prioritising risks and defining policies that span across every location, businesses can enforce policies through built-in automation and workflow, and not only identify threats but remediate incidents as they occur or anticipate them before they even happen.
  • Protect information proactively by taking an information-centric approach to protect both information and interactions. It's not enough to know where the information resides - you need to know how it moves and who has access to it so you can protect it. Taking a content-aware approach to protecting your information is key in knowing where your sensitive information resides, who has access, and how it is coming in or leaving your company.
  • Manage systems efficiently. Systems management needs to make an organisation's life easier through standardisation, workflow and automation. These are things that can be put in place to make security software do the heavy-lifting on everything from patch management to regulatory audits.
  • Protect the infrastructure and respond to threats rapidly.Companies need visibility into their systems so they can manage them properly and ultimately protect against emerging threats.

 As the latest report into worldwide cybercrime trends amply demonstrates, the threat landscape continued to evolve in 2009, with significant growth in both the volume and sophistication of cyber crime attacks targeted at enterprises. The good news is that targeted attacks can be defeated. By taking precautions against the four areas of weakness, organisations can significantly bolster their defences against targeted attacks and defeat the new face of cybercrime.

Brad Newton is the director of enterprise sales at Symantec Australia and New Zealand

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
cybercrimefacenewofsecuritythe

Partner Content

Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Brad Newton
Jun 3 2010
5:06PM
0 Comments

Related Articles

  • The Good Guys pauses facial recognition trial
  • Victorians lost $31.9 million to business email compromise in 2021
  • White House plans 30-country meeting on cybercrime and ransomware
  • ACCC greenlights Google's buy of Mandiant
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs
NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul
Telstra deregisters 900MHz sites “hindering” Optus 5G rollout

Telstra deregisters 900MHz sites “hindering” Optus 5G rollout
ADHA extends Accenture's My Health Record support deal for $100m

ADHA extends Accenture's My Health Record support deal for $100m

Digital Nation

Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.