
Press Release

IT security 2010: Stonesoft warns of heightened risk

Credit card data in a fishbowl / Security pitfalls of social media / Cloud computing under a dark cloud / Dangers of mobile work environments

Helsinki, 4 February 2010 – Not only credit institutes but all companies and public organizations should exercise special care in handling credit card data as well as take a critical look at their network security systems and policies – this is the recommendation of Stonesoft (NASDAQ OMX: SFT1V), an innovative provider of integrated solutions for network security and business continuity.

However, increasing abuse of credit card data is only one of the critical security issues that Stonesoft's experts have identified for this year. A look into the crystal ball of IT security in 2010 reveals heightened risks associated with recent trends such as social media, cloud computing and mobility. Stonesoft predicts that the number of attacks on private and corporate networks will increase in 2010. The problem is that security awareness of users and companies does not keep pace with the newest trends.

While in many cases the threats are not new, the channels of distribution have not been there before. Outsourcing, social networks on the Internet and the use of mobile devices make data and identity theft easier than ever before. In addition, the boundaries between private and corporate systems are becoming less and less distinct. Employees update their Facebook profiles from the workplace, book their next holiday from a company smartphone or link to websites from in-house blogs. Stonesoft's security experts warn companies and private users alike to keep network security in mind particularly when dealing with new applications and services.

The main dangers in 2010

Credit card data – inadequate identity protection

When companies lose customer data, they also lose an enormous amount of trust. While many companies protect their customers' credit card data against abuse by setting up a firewall, this hardly provides adequate protection against the criminal efforts of hackers. Instead, companies should invest in more comprehensive security mechanisms in 2010 and provide their networks with additional protection through an Intrusion Prevention System (IPS). Now that the Payment Card Industry Data Security Standard (PCI-DSS) is in effect, this is mandatory for all companies that store, process or transmit large amounts of credit card information.

An IPS detects intruders before they reach critical network areas; the system automatically removes worms, spyware and other malware. At the same time, reports help administrators to determine who has accessed which data at what time. This provides better defence against attacks and enables the departments involved to identify possible problems in time. To provide adequate protection against data abuse in 2010, organizations must therefore have an IPS.

Social Media – the curse of networking

More and more social media services attract users through fast communication and the ability to keep up with contacts. Portal user-friendliness and the high speeds at which messages are disseminated are an enormous enticement – but they also harbour a great many dangers. The users themselves are responsible for most of these risks. The easier and faster it is to publish information on the Internet, the more cautious users have to be in dealing with the social Web. Once the data has been published on the Internet, it is almost impossible to delete it completely. Even after the original files have been deleted and overwritten, the information often remains available in search engine archives. Companies must therefore put more effort into making their employees aware of these dangers and set clear guidelines for the use of social media.

One of the greatest threats in 2010 will be what is known as social engineering. Attackers identify the personal IT environments of their victims and make improper use of their digital identities. This means that even messages from friends and acquaintances can contain harmful software – without the recipient being aware of this. In early 2009, the Conficker virus infected around 50 million computers in Germany alone – and security experts will have to deal with it again this year.

Future hackers will find more and more ways to attack private and corporate networks. Internal e-mails can be as much at risk as private messaging services on social media sites. It is important that users pay greater attention to this problem.

Cloud Computing – the dark side of the cloud

Cloud computing gives companies attractive benefits by handing expensive IT operation and management tasks over to external service providers. If the parties also agree on a pay-per-use model, the company pays only for the services it actually needs, which eliminates unnecessary IT expenses. However, what many people neglect to take into account when selecting a suitable outsourcing partner is the security of the outsourced data. This is a mistake that can turn into an enormous risk as the number of outsourcing contracts continues to grow.

When companies outsource their IT services to an external provider, they also hand over the confidentiality, integrity and availability of their data. Most outsourcing service providers sell their customers a complete package. Although the quality of service is secured by service level agreements (SLAs), these agreements very rarely cover data security. Data security is often a kind of "pig in a poke" that the customer purchases along with the overall package. The company's actual security requirements are not taken into account. When selecting service providers, IT managers must therefore pay greater attention to their existing security systems. Does the system meet the company's specific requirements? What kind of guarantees does the service provider offer? Is the reporting system complete? What happens if data is abused? Who is liable?

Stonesoft's experts expect to see the cloud computing trend continue in 2010. Only serious incidents of data loss or abuse will draw attention to the issue of "security in the cloud", despite the fact that there is an urgent need for this even today. The companies themselves are primarily responsible for this. In the future, they need to actively demand that their service providers offer improved security mechanisms that target specific needs.

Mobile devices – dangerous little helpers

Mobile devices such as smartphones and PDAs have long since found their way into the business world – thus also providing access to critical data. However, they rarely offer the same level of protection as do desktop PCs. For this reason, mobile devices are becoming more and more attractive to hackers.

The threats are not new; after all, they are similar to attacks on laptops. The primary difference is that users often assign very simple passwords for accessing their mobile devices, since typing is more difficult on a mobile device than on a keyboard. In addition, employees use their mobile devices for both business and personal calls, while neglecting to regularly update their anti-virus software and firewalls. A virus can therefore easily infect not only the user's system, but the corporate network as well. To effectively circumvent these dangers in the future, companies must be able to administer the devices from a central point. This makes sure that the security settings and updates for each individual PDA are always up to date.

However, the real situation is quite different. "Most companies ignore the dangers of increasing employee mobility. Although the demand for smartphones and PDAs continues to grow, the security functions of these devices remain inadequate. This plays right into the hands of future hackers," warns Joona Airamo, Chief Information Security Officer at Stonesoft Corporation. "Only when users become more aware of the possible dangers will the demand for better security mechanisms grow as well. Until that happens, however, we can expect to see an increase in the number of attacks on mobile devices."

Contact

For more details, please contact:

Klaus Majewski
VP, Marketing
Stonesoft Corporation
Tel. +358 9 476 711
E-mail: klaus.majewski(AT)stonesoft.com

About Stonesoft

Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of integrated network security solutions to secure the information flow of distributed organizations. Stonesoft customers include enterprises with growing business needs requiring advanced network security and always-on business connectivity.

StoneGate™ Secure Connectivity Solution unifies firewall, VPN (Virtual Private Network), IPS (Intrusion Prevention System) and SSL VPN, blending network security, end-to-end availability and award-winning load balancing into a unified and centrally managed system. The key benefits of the StoneGate solution include low TCO (Total Cost of Ownership), excellent price-performance ratio and high ROI (Return on Investment). The StoneGate Virtual Security Solutions protect the network and ensure business continuity in both virtual and physical network environments.

StoneGate Management Center provides unified management for StoneGate Firewall with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide intelligent defense all over the enterprise network while StoneGate SSL VPN provides enhanced security for mobile and remote use.

Founded in 1990, Stonesoft Corporation is a global company with corporate headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more information, visit www.stonesoft.com and the corporate blog http://stoneblog.stonesoft.com.

Thursday, February 4, 2010