Business Daily from THE HINDU group of publications
Monday, Nov 30, 2009
ePaper | Mobile/PDA Version | Audio | Blogs
eWorld
Features
Stocks
Foreign Exchange
Shipping
Archives
Google

Group Sites

 eWorld - Security
Wolf in sheep's clothing

L.N. Revathy

Watch all connection points to the computer — be it thumb-drive or smartphone — for intruders..

The weakest points on the corporate network are end points such as laptops, smart phones and storage devices.


A predictable day in a professional's life (say, in Bangalore) would probably begin like this: At 9 a.m., he is working on the latest presentation on his laptop on way to office; An hour later, on reaching office, he connects a thumb-drive to the office workstation to let his boss see the presentation. After getting his nod, he leaves for the airport, to meet a customer in Mumbai. Meanwhile, the boss calls to make some last-minute changes. The file is transferred from the laptop to his smartphone, and the changes are incorporated. On his reaching the customer's office in Mumbai, the smartphone is connected to the customer's office system, to enable the client see the presentation.

This workflow is quite common. What one probably fails to see is, when files are downloaded and copied on to a thumb drive and later transferred to laptop, the gates can be opened to attackers. While a mobile device helps increase efficiency, it also allows Trojans and malware to enter the network, infecting one's laptop, smart phones and every end point that is connected to it.

“Given today's mobile workforce, and the range of sophisticated devices, organisations will have to take a holistic approach in protecting their end points,” says Vishal Dhupar, Managing Director, Symantec. While smartphones are relatively rare compared with PCs, Symantec sees these devices as the next destination of hackers, since smartphones are being used in the same way as computers for accessing information.

Rising number of endpoints

With smartphones, the old notion of “protecting the perimeter” has acquired new meaning. The ubiquity of these devices requires enterprises to include them in the list of endpoints to be protected, says Dhupar.

Until a few years ago, PCs made up the majority of the endpoints connecting into the business network. But today the variety of endpoints is staggering — devices such as smart phones, PDAs and portable entertainment systems have become ubiquitous in many businesses.

According to Gartner Consumer, in India alone, the laptop market is expected to grow by 37 per cent in 2009 to 3.69 million units constituting one-third of the PC market, which, in turn, is likely to grow by 13.7 per cent to 11.1 million units. The smartphones market, on the other hand, put at 5 million in 2008, is expecting a compounded annual growth rate of 23 per cent by 2011.

Smartphone continues to be the fastest growing segment in the mobile device space as the slowdown phase in the hand-held segment seems to be over, says Gartner. The increased mobility is a bonanza to potential attackers. In its latest Internet Security Threat Report, Symantec has found that threats such as spam and phishing are increasingly “going mobile.”

The growing number of people using devices such as smartphones is becoming a bigger target for unauthorised and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity, says Dhupar.

Security vendors such as Trend Micro, McAfee and Symantec have come up with solutions designed specially for endpoint security. Trend Micro's Office Scan 10.0 protects desktops, laptops, servers, storage appliances, and smartphones — on and off the network, says the company's Country Manager for India and SAARC, Amit Nath.

Symantec's Endpoint Protection 11.0, the company says, is designed to deliver defence against malware for laptops, desktops and servers. McAfee's Total Protection for Endpoint provides protection against all threats — from rootkits to hacker attacks, according to the company.

Risk to critical enterprise assets

With recent trends in the information security domain showing significant increase in the number of malicious threats aimed at securing not just confidential data but also critical enterprise assets, experts perceive that there will be over 1,500 new, unique malware variants every hour in 2009 and two-thirds of endpoint devices infected (by malware) annually. The loss of corporate data/information is expected to have its own consequences on the business. And the weakest points on the corporate network are end points such as laptops, desktops, servers, smartphones and storage devices. Reports reveal that nearly two out of every three corporate endpoints are compromised due to malware every year.

“With security management complexity increasing, it is difficult for the traditional endpoint security to keep pace with threats. Enterprises need proactive security solutions that are able to immediately detect new and emerging Web-based threats without overburdening their endpoints,” says Dhupar.

A Frost & Sullivan Study on Enterprise Theft has estimated the size of the enterprise security market in India in 2008 at $ 129 million and growing at 10.5 per cent year-on-year.

The study reveals that 83 per cent of threats faced by Indian firms arise from internal security breaches, 85 per cent due to viruses, worms and Trojan horses that damage computers, causing financial losses of over 40 per cent and intellectual property losses of 35 per cent.

Blackberry users

BlackBerry users eWorld sounded out had an interesting take. A top professional in the media space says he uses a Nokia handset but his organisation does not allow employees to plug the device on to a PC or workstation. But his phone, he says, offers security features such as device encryption and integrated mobile VPN for secure and reliable access to company intranets. Security applications from third party developers provide solutions for anti-virus, personal firewall, data security and authentication needs.

Another professional attached to Hitachi Data Systems says she uses her BlackBerry to access mails. Hitachi has a BlackBerry server in the US. So, when an employee buys the instrument, he/she shares the number with the company for activation of the same, so the employee can have official mails and correspondence routed via the hand-helddevice. “It is secure, and easy to keep in touch even on the go,” says the professional, pointing out that companies often give access only to officials above a certain level.

In these contexts we see the smartphone being used as a phone, and for accessing mails and sending SMS, not so much for surfing the Net; and the chances of plugging it to workstations or PC are even more remote.

But whatever the device you use, it pays to watch all the connecting points, caution experts.

lnr@thehindu.co.in

Related Stories:
Symantec warns of rogue software
First iPhone worm detected

More Stories on : Security | Viruses

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
$500 m savings annually…

Being invisible online won't help
Wolf in sheep's clothing
Unmask the masquerador
Guard your territory
Don't fill all the blanks
Twist to the show
Quiz
Reasoning beyond intuition
Rollout drive
Designed for Intel


The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line