Organizations Have To Strengthen Their Network Security To Protect Themselves From Malicious Attacks

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Organizations have to increase the security of their information network to help protect themselves and their customers from malicious attacks and misuse of their personal data stored on databases.
Last year, more than 286 million new threats were reported, accompanied by several new movements in the threat landscape, according to recent Symantec Internet Security Threat Report. The report highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.
In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks. Due to their targeted ...
... nature, many of these attacks succeeded even when victim organizations had basic security measures in place.
Security is of great concern to organizations. Forty-two percent of enterprises rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined Organizations are aware that they are constantly facing risks of cyber attacks but they also reported that protecting their information security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010.

Enterprises are experiencing frequent attacks. The study reported that 75 percent of enterprises experienced cyber attacks, and 36 percent rated the attacks somewhat/highly effective. Worse, 29 percent of enterprises reported attacks have increased in the last 12 months. In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.
While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.
Identity thieves have landed in the number one position for the 11th straight year, on the top consumer complaints received each year according to The Federal Trade Commission (FTC) reports. Over 1.3 million complaints were received in 2010, and of those, 19% were related to identity theft. Cyber criminals are also using social networking sites as an attack distribution platform, and have affected millions of accounts. A recent report by a leading online security firm said that more than 40 percent of social network users have fallen victims to scams or had been sent malware. Survey scams, rogue applications, click jacking; all relatively new scams that were not heard of a few years back are now targeting users of Facebook, Twitter and other social networking sites on a daily basis.
Facebook is the world’s most popular social networking site and is reported to have more than 600 million active users. Undoubtedly, with such a large number of active users, Facebook does seem to be the favorite hunting ground for scammers and hackers. Recently, the Facebook account of French President, Nicholas Sarkozy’s was hacked and an announcement that he will not contest in the 2012 French Presidential elections was posted. The Elysée presidential palace employees were quick to correct the hoax announcement and are trying to find the culprit.
In addition, attackers are also exhibiting a notable shift in focus toward mobile devices. "We are at a very early stage in mobile. But the evolution of the threat will be the same as the PC. We are already seeing that,” said Orla Cox, Security Operations Manager based in Dublin. A demonstration of a fairly rudimentary and not new, Android Trojan showed how easy it is for a phone to be compromised. The geinimi Trojan, which was seen mainly in sites in China, allowed hackers to send SMS messages from the phone with no trace to the user, make calls, reveal the exact location of the phone and even change the phone's wallpaper.
The number of cyber attacks is only going to increase if organizations fail to pay attention on the vulnerabilities of their network security. Organizations need to implement robust information security initiatives, including having a proficiently skilled IT security workforce, in order to avoid cyber attacks and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics, Advanced Application Security, Advanced Network Defense, and Cryptography, among others. These highly sought after and lab intensive information security training courses will be offered at all EC-Council hosted conferences and events, and through specially selected authorized training centers.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 70 countries around the globe. EC-Council has trained over 80,000 individuals in technical security training and certified more than 38,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.