No room for fraud

Courtesy its fast growing online population, India is emerging as one of the most attractive targets for cyber criminals. According to a report, the total Internet user base in the country is estimated to grow to 354 mn by June 2015. With increased bandwidth and a wider reach of the Internet, companies all over the country are putting their data online. Growing Internet penetration along with the rising popularity of online banking has made India a favorite among cyber criminals, who are devising new methods and techniques of hacking. Add to that, increased adoption of Social, Cloud Computing and Mobility (SoCloMo) has knocked open the limits of enterprise IT that was so far stationed within the four walls of the enterprise.

Naturally, security challenges have increased manifold for enterprises. Given this scenario, companies are getting their act together and focusing on stepping up security measures within the enterprise by investing in customized security solutions. The trend is not being seen in large enterprises alone, even small businesses are waking up to the importance of security. Virtualization, mobility, and cloud have also changed the traditional information security landscape. Over the last few years, end-point, server and virtualization security, data leakage, and now protection against advanced persistent threats are some of the biggest trends observed among enterprises.

“We have noticed that besides the traditional end-point solutions, a lot of security focus is being shown by SMBs as well as large enterprises on virtualization security, storage security, etc,” Altaf Halde, Managing Director- South Asia, Kaspersky Lab.

Apart from this, mitigating security issues posed by BYOD is high on the radar for Indian organizations. “Mobile device management is also becoming a de facto security standard and a ‘must have’ in large enterprises. Although, SMBs are still considering it in a ‘good to have’ category,” adds Halde.

RISING COMPLEXITY OF ENTERPRISE THREATS

With technological advancements, like the rising trend of digitization and the way information is getting processed, the type of risks and security aspects are changing rapidly. Also, the damage associated with any security breach is much greater for any company.

“With digitization and technological advancement in relation to the structure and functioning of the organization, what has happened is that data and network security is at the heart of all verticals. This makes a security threat equally damaging to almost all sectors and departments that sustain the functioning of the organization."

Network security and the ability to identify and fortify weak spots are crucial to survive in a highly digitized ecosystem. Financial data, intellectual property, customer records, personal data, etc, are at risk in case of a security lapse which ultimately affects each and every associated individual in more than one ways,” emphasizes Sajan Paul, Director Systems Engineering, India & Saarc, Juniper Networks.

The security landscape is getting more complex by the day primarily because cyber criminals continue to devise advanced attack mechanisms. This is emerging as the biggest enterprise security challenge as even though organizations continue to beef up their security measures, they are not able to keep pace with the evolving cyber attack techniques. The diversity of threats deployed by attackers is increasing at an exponential pace—from financially motivated attackers targeting anyone with a point-of-sale system to cyber-espionage from nation states targeting corporate IP and networks.

Secondly, the onset of trends like cloud computing and mobile has expanded the attack surface significantly. This calls for a change in the traditional security approach; organizations now need to move beyond perimeter-based security and need to secure a mix of traditional, virtualized, cloud, and hybrid infrastructures. Further, they need to ensure the security of mobile devices, which are highly vulnerable entry points for cyber criminals to exploit the enterprise IT environment. They also need to ensure proper protection for corporate data being accessed by employees on personal devices.

Paul puts this in context, “With the kind of technological progress we have made, the idea of security is something that is constantly being redefined. In relation to our customers and their security concerns what we now see are a new set of patterns and trends facilitated by relatively newer arenas. The hacker black market is something that poses a great threat. The fact that it has matured implies more organized, creative, and ultimately more lethal attacks on networks.”

Another trend that is set to take the security world by storm is the Internet of Things (IoT). As IoT becomes a reality, many of the current security methods will have to be revisited and adapted for a connected world. “Security with regards to the IoT phenomenon is another major issue. This is also in relation to protecting or upscaling the measures to ensure user data and privacy is not compromised in any degree,” adds Paul.

TACKLING NEW AGE THREATS

Given this scenario, the need to have a defense in depth approach in terms of security has never been higher. To counter threats in a dynamic IT environment, organizations need to look at networking and security as complementing entities that are both extremely vital. This ultimately calls for integration of networking and security functionality within the organization. Implementation of such an integrated security system will minimize vulnerable gaps in the system that are prone to attacks. However, identifying potential weak spots gain paramount importance in this context and coming up with security policies require a strategic vision both in terms of countering threats and reinforcing weak spots.

“Security is all about various Ps—people, process, policy—you can have the best laid down process and policy but you need constant validation and enforcement. Organizations need to adopt the best network based technologies, cloud SaaS technologies, best-in-class end-point protection, data leakage protection, and datacenter security, as well as need to do regular audits of their security postures and training and education of their staff,” says Amit Nath, Country Manager, India & Saarc, F-Secure.

OUTLOOK

According to a report by Kaspersky Lab, its anti-malware research team processes 325,000 new malicious files every day. And this number is only expected to increase further with attackers launching more sophisticated and targeted attacks. No wonder, there is increased focus on information security within enterprises. This is validated by the research firm Gartner, which predicts that the global IT security spend will grow an additional 8.2% to reach $76.9 bn in 2015. Organizations are fast realizing that a radical change is required in the traditional enterprise security strategy.

“Organizations are moving from just guarding the network perimeter with on-premise firewalls and installing antivirus software on end-points to monitoring,” states Sudeep Charles, Product Marketing Manager, Asia Pacific & Japan, Akamai.

However, the key to achieving a high level of information security is to move from reactive security to proactive security. Charles sums it up perfectly, “CSOs and CISOs will need to continuously monitor the evolving threat landscape and change their perception from if we get hacked to when we get hacked.”