More security attacks expected on social networks and Web 2.0 users

10 Jul 2009

Soaring unemployment will increase the ‘threat from within’ organisations while more attacks are expected for social networking and Web 2.0 users, according to the latest security review by CA.

Considering the embarrassing disclosures around laptop thefts, it is at least comforting to know that large financial institutions, retailers and Irish government departments are beginning to take more comprehensive preventative measures.

CA today warned that many Irish businesses are facing increased security threats as the economic downturn continues. Sensitive company data is at higher risk of being lost or stolen as the recession hits and companies are forced to downsize their staffing numbers.

Other security issues that will become more prolific during the remainder of the year in Ireland include more concentrated attacks on Web 2.0 and social network users; problems caused by excessive entitlements; security concerns around virtualisation and cloud computing; and access control of personal health records.

Despite recent major security breaches in Ireland, CA has begun to see an improving picture among organisations that hold significant volumes of customer and/or employee data.

“Many of the larger Irish financial institutions, retailers and public sector organisations have realised that ‘prevention is better than cure’ and have begun implementing comprehensive Data Leakage Protection solutions,” John Power, Ireland business security manager, explained.

“This ensures a much more proactive and preventative approach to controlling sensitive information. They don’t want any repeats of the high-profile problems with personal data that we have witnessed in recent times.”

According to CA the threat from within is likely to grow. As unemployment is expected to reach close to 450,000 in Ireland by the end of 2009, businesses will face unprecedented difficulties around data retention. 

Disgruntled employees facing redundancy will be more tempted to misuse or steal company data and most companies have no ability to track or prevent this. In a recent CA-sponsored survey of over 400 CIOs and IT directors around the world, 73pc of enterprise organisations believed that layoffs have increased the internal threat to IT systems. Organisations that are downsizing need to ensure that sensitive data is protected at all times.

Web 2.0 and social networking could endanger more company networks. More than half a million people now use Facebook in Ireland with numbers growing every day. 

Many other social networking and Web 2.0 sites are also enjoying huge growth. With the number of instances of computer worms and malware being maliciously spread on popular social networking sites set to increase significantly, this will become a pressing concern for Irish businesses.

CA says it is imperative that businesses provide employees with clear guidelines on how to safely use Web 2.0 tools at work, particularly when employees are representing the company on social media such as LinkedIn, Facebook or Twitter.

In 2009/2010, excessive entitlements (privileges) are likely to become a CEO-level concern. When Société Générale trader Jérôme Kerviel exploited esoteric knowledge of trading and back-office processes, it caused his employer to lose almost €5 billion.

This is entitlement abuse on a grand scale. However, excessive application privileges, lack of separation between roles, and failure to remove access when employees change roles mean that many organisations now have major security headaches. Curious employees can damage the company’s reputation by distributing sensitive information, while others may see opportunities to make ‘quick money’ at the company’s expense.

Securing the Virtual IT environment can present added challenges. It’s clear that virtualisation and cloud computing will bring many benefits for businesses in Ireland. 

As more resources and applications are placed and run on virtual servers, businesses need to protect all of the data in the same way as they do on their physical servers. With confidentiality, compliance and accessibility all integral to any roll-out of virtual IT, businesses should ensure all three boxes are ticked before moving to a fully virtual environment.

Wide-open Healthcare Records will become a priority in 2010. As Ireland considers adopting a centralised electronic healthcare record program, interoperability and access control of personal e-health records will become a major priority. Debates over who can access patient records, and under what circumstances, will drive greater awareness of entitlements in healthcare and beyond. Ultimately, patient data needs to be absolutely secure at all times.

“The security outlook for the remainder of this year is greatly influenced by the economic and political events of the past six months,” Power explained. 

“We are living in a time of exceptional change in Ireland. IT budgets are shrinking at a time when new exciting technologies are emerging almost every day. 

“While many of these technologies offer businesses much better ways of improving efficiencies and reducing costs, it’s imperative that effective security management plays a central and constant role at all times,” Power added.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years