The security space is constantly evolving. As fast as technology is changing, cyber criminals with malicious intent are never far behind, adapting their methods to take advantage of new ways of attack, writes Fred Mitchell, Symantec division manager at Drive Control Corporation.
Cybercrime has become a more profitable industry than the drug trade, and as a result the malicious software now developed is no longer about simply causing a nuisance, but has evolved into a sophisticated scheme aimed at stealing sensitive information in order to make a profit.
Methods like spear phishing are aimed at obtaining this information through a highly targeted attack that uses personal details and information to make the attacks seam more genuine, and this method is gaining popularity.
Other trends to look out for include the growing use of shortened URL links in spam e-mails to disguise the nature of the link and the use of languages other than English in malicious mails, depending on region.
One trend that stands out as something that is set to explode in growth is the move away from threats that only target the Windows operating system. In the past, because Windows owned such an overwhelming majority of the market, it made sense for cyber criminals to focus their activities in this space.
However, as Mac and other non-Windows operating systems have gained market share, they have increasingly become the target of attacks over the years, as there is now profit to be made by aiming at these users.
This move has also been fuelled by the massive growth of the smartphone and tablet PC market, and as these devices have become more mainstream they have become at greater risk as targets for malicious intent.
The use of smartphones, and now of tablet PCs, to access the Internet, has grown exponentially over the last few years, especially in emerging markets such as South Africa, where a large percentage of the population uses their phone as their means of accessing the Web.
Mobility is by no means a new thing, but the sheer proliferation of its use in recent times, as well as an increasing drive for constant connectivity, has greatly increased the risk associated with using these devices.
One mistake users make is in assuming that these devices are safe to use for browsing. However, the reality is that they are at risk for the same threats that attack PCs and computers, as spam e-mails are often pushed to the devices through in-built e-mail capability and malicious links could just as easily contain harmful software that could attack the phone.
Specific viruses are now being written for phones, and there is now a range of viruses and Trojans aimed particularly at these mobile devices, sent through SMS, MMS and e-mail, with the intention of stealing information.
The other risk is that often these mobile devices are connected to a network in a home or office environment. Malicious tools that infect mobile devices may not affect the phone directly, but they can sit dormant until the user connects to a network and can then affect the network in the same way as computers accessing the network can.
This makes it vital for organisations of all sizes as well as personal users to protect their smartphones and other mobile devices in the same way they would protect their PCs and networks.
Solutions are now available for mobile devices that offer protection against malicious threats as well as against unauthorised access to information.
These solutions provide similar protection for mobile devices including antivirus technology and firewalls, as well as additional functionality including SMS antispam protection. And with ever tightening compliance regulations for enterprise, mobile protection solutions can help to ensure that users with such devices do not compromise the internal and external security compliance requirements of businesses.
The rule of thumb is that information must always be protected, no matter the device on which this information sits. With the dramatic increase in mobility and the growing number of users who now have multiple devices this has become a more complicated process.
Protecting all network accessing devices from malicious software is becoming a necessity, but software is not enough and a comprehensive backup strategy needs to be in place that covers all of the devices used to store and access information.
The reality is that the more portable a device, the more likely it is to get lost or stolen, and with people now using these highly portable devices to work from as well as their PCs, multiple versions of documents exist across multiple platforms which need to be backed up. These mobile devices need to be synced to PCs and the network to ensure the correct information is backed up.
Protecting information is a two-fold process that has become even more important with the growth of mobility and constant connectivity. A combination of the latest protection software with a comprehensive, all encompassing backup strategy is the best way to ensure organisations and individuals do not fall foul of the ever increasing number of threats in the cyber world.