Shoring up leaky cyber defences

Cybersecurity needs to strike a crucial balance between easy sharing of information and keeping potential intruders at bay. Unfortunately, traditional defensive measures just aren't good enough anymore.

We are taught as children that sharing is good and in this globally interconnected internet age, sharing is easier than ever. Whether it’s on social networking for work or personal pleasure or on news forums, the way we share information is changing everything – the way we live our personal lives, interact with our governments, and run our businesses.

It informs our interactions, helps us build relationships, refines our decision-making and shapes our understanding of the world. But unfortunately, this daily sharing is not just good for us – it is gold for potential attackers. All this sharing represents a huge opportunity for financial gain in the cybercriminal world.

Malware, scams, spyware and malicious attacks and exploits are all about stealing your users’ or your company’s property and identity. The new threat landscape is defined by a sophisticated network of hackers working for professional organised cybercrime rings. Malware in particular is on the increase – in 2011, there was a 60 per cent year-on-year increase in malware. The volume of the threats is matched only by their sophistication – to avoid being caught, cybercriminals are constantly changing the landscape. This can make effective and efficient security tricky.

As attackers know there will be some kind of blocking technology between them and their targets, they will work to find new and creative ways to bypass these. The criminals understand online user behaviour and leverage this to their advantage – such as in Search Engine Poisoning (SEP). In 2011, research from our Blue Coat Security Labs demonstrated that SEP ranked as the number one web threat delivery method. To be victimised, the user clicks on a trusted link – that is actually a delivery platform for a malicious attack – and just like that, the security has been bypassed.

And of course, just like pickpockets in a busy city square, many cybercriminals go where the most people go – i.e. social networking sites like Twitter and Facebook – places where they can get a good return for their disreputable investment. Some, however, will specifically target an individual, company or organisation. Productivity issues aside, the social networking ecosystem is a prime target for scammers and cybercriminals. These threats are effective because they originate from legitimate sites, popular search results or trusted friends, and exploit the unsuspecting user through a shifting, complex network of relays and dynamic links – a malware delivery network.

With most employees now expecting access to social networking at work – in fact, some job functions and roles require access – simply blocking sites such as Twitter and Facebook is not an option. However, many IT departments struggle with the trade-off between security and the need to share information. Inside a social network, our guard is down because we are among friends – cybercriminals know this, and exploit it.

Originally, conventional security wisdom said to build a hard shell of perimeter defence around the network, protecting entry and exit points with firewalls. Anti-virus protection, intrusion prevention and web filtering have since been added, but this approach is no longer effective.

It fails in two areas: network protection can no longer be the primary defence, since so much web traffic comes from legitimate or reputable sources, and a policy of severely limiting users’ access to the internet is no longer practical. The approach is also constraining and not particularly effective, because it forces businesses to apply static, reputation-based URL or content filtering policies that try to characterise the web as a series of safe or unsafe sites, allowing or denying access purely on that determination. The web changes too fast, and a good deal of threats come from reputable sites.

Cyber defences of this type tend to be too simplistic in scope for the following reasons:

They rely too much on reputation. An acceptable website may have been infected with malware, which is then passed on without the user knowing.

They fail to keep up. Having to characterise individual websites and content as safe or unsafe is a time-consuming, never-ending task which is unlikely to keep up with the fast-changing malware network.

Therefore, there is a need for new controls for new web behaviours. These conventional types of security are no longer enough – businesses need to look at implementing security that can act and react in real time. These new defences must be able to see through the shifting, short-lived links and delivery schemes of the malware delivery network. They must be able to understand what is happening inside the social networking ecosystem and enable policy controls that understand specific activities and applications within social networking domains.
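To make the contrast concrete, the following added example (not from the article or from Blue Coat) models a static reputation-based filter beside a real-time policy that evaluates every hop of a redirect chain. All domains, registration dates and the redirect chain are constructed sample data; the domain-age and hop-count thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed reputation list: everything a static URL-filtering policy knows in advance.
REPUTATION = {
    "news.example.com": "allow",
    "social.example.com": "allow",
    "warez.example.net": "deny",
}

# Constructed first-seen dates standing in for a real-time domain-age lookup.
FIRST_SEEN = {
    "news.example.com": date(2005, 3, 1),
    "social.example.com": date(2007, 6, 12),
    "cdn-relay.example.org": date(2012, 1, 14),   # relay registered a week ago
    "a8f3k2.example.biz": date(2012, 1, 20),      # final landing domain, one day old
}

TODAY = date(2012, 1, 21)   # fixed clock so the example is reproducible
MAX_HOPS = 3                # assumed limit on redirects before the content is delivered
MIN_AGE_DAYS = 30           # assumed minimum domain age to count as "established"

@dataclass
class Verdict:
    action: str   # "allow" or "deny"
    reason: str

def host(url: str) -> str:
    """Extract the lowercase hostname from a URL (no external dependency needed)."""
    return url.split("://", 1)[1].split("/", 1)[0].lower()

def static_filter(url: str) -> Verdict:
    """Static policy: decides on the reputation of the link the user clicked and nothing else.
    Unknown hosts default to allow, a common permissive setting that short-lived domains exploit."""
    h = host(url)
    return Verdict(REPUTATION.get(h, "allow"), f"reputation of {h}")

def realtime_filter(chain: list[str]) -> Verdict:
    """Real-time policy: inspects every hop actually observed before the final page is delivered."""
    if len(chain) > MAX_HOPS:
        return Verdict("deny", f"{len(chain)} hops exceeds {MAX_HOPS}")
    for url in chain:
        h = host(url)
        if REPUTATION.get(h) == "deny":
            return Verdict("deny", f"{h} is denied by reputation")
        seen = FIRST_SEEN.get(h)
        if seen is None or (TODAY - seen).days < MIN_AGE_DAYS:
            return Verdict("deny", f"{h} is unknown or newer than {MIN_AGE_DAYS} days")
    return Verdict("allow", "all hops reputable and established")

# Constructed chain: a trusted search result that relays the user to a day-old domain.
CHAIN = [
    "https://news.example.com/story?id=42",
    "https://cdn-relay.example.org/go",
    "https://a8f3k2.example.biz/x.php",
]
```

The static filter sees only the reputable first hop and allows the click, while the real-time policy denies the chain at the week-old relay domain.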

With malicious activity on the rise, new methods of security are needed to negate the threat without limiting the vital, stimulating and thriving interaction of the online world. While organisations and businesses may need to reconsider their own security measures and processes, users also need to be aware of potential threats and limit their own exposure where appropriate. Sharing doesn’t have to be a negative when the right security is in place and cybercriminals are denied.

Bruce Bennie is the managing director of Blue Coat Australia and New Zealand.