How secure is your digital security?
Microsoft's SmartScreen filter, a cloud-based anti-phishing and anti-malware tool, detected 14.8 malware hosting sites per 1,000 Internet hosts worldwide in March 2017. China had one of the lowest concentrations of phishing sites in the world (0.8 phishing sites per 1,000 Internet hosts in March 2017), but had one of the highest concentrations of malware hosting sites (45.9 malware hosting sites per 1,000 hosts).
Other locations with high concentrations of malware hosting sites included Singapore (21.6), Ukraine (19.0), and Hong Kong SAR (18.9). Locations with low concentrations of malware hosting sites included Finland (4.1), Taiwan (5.3), and Turkey (5.3).
This data comes from the latest (22nd) edition of the Microsoft Security Intelligence Report. The analysis comes from security-related signals from both on-premises systems and cloud-based services that Microsoft operates globally.
"Every month we scan 400 billion emails for phishing and malware, process 450 billion authentications, and execute 18 billion webpage scans," the report states. "We have organised the datasets into two categories, cloud and endpoint, because we believe it is important to provide visibility across both. We're also sharing data about a shorter time period, one quarter (Jan 2017 to Mar 2017), instead of six months."
The SmartScreen component is included in several Microsoft products, including Windows 8 and later, Internet Explorer, Microsoft Edge, and Outlook.com. It helps protect users against attacks that utilise social engineering and drive-by downloads to infect a system by scanning URLs accessed by a user against a blacklist of websites containing known threats.
"The bad news starts with the fact that 74 per cent of the world's businesses expect to be hacked each year," Brad Smith, Microsoft's president and chief legal officer, said at the RSA Conference in San Francisco in February this year. "The economic loss of cybercrime is estimated to reach US$3 trillion by 2020. Yet, as these costs continue to climb, the financial damage is overshadowed by new and broadening risks."
One plausible solution: Set up a "Digital Geneva Convention" that will commit governments to protecting civilians from nation-state attacks in times of peace. "Just as the Fourth Geneva Convention recognised that the protection of civilians required the active involvement of the Red Cross, (similarly) protection against nation-state cyberattacks requires the active assistance of tech companies," Mr Smith said at the RSA event.
"The tech sector plays a unique role as the Internet's first responders. We, therefore, should commit ourselves to collective action that will make the Internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world's trust."
Trust, or lack of it, drives the IT security market.
Global spend on information security products and services is set to reach US$93 billion next year, up from about US$86.4 billion in 2017, says Gartner Inc. "Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services," says Sid Deshpande, principal research analyst at Gartner.
"However, improving security is not just about spending on new technologies. As seen in the recent spate of global security incidents, doing the basics right has never been more important. Organisations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat-centric vulnerability management, centralised log management, internal network segmentation, backups and system hardening."
The complexity is compounded because companies are now optimising workloads across multiple clouds. By next year, 60 per cent of enterprise IT organisations will have committed to multi-cloud architectures, says IDC Corp.
"In the cloud 2.0 era, cloud service buyers will be increasingly drawn from the ranks of business managers rather than from IT managers," says William Lee, associate director of IDC's Asia-Pacific cloud services research. "Decisions will be based on business requirements rather than tech platforms, and much of the funding will be from the business units. The need for efficient management of the new multi-cloud environment will mean that 65 per cent of those with a multi-cloud strategy will seek management solutions from external providers to meet the complexities of managing cloud 2.0 environments."
The most vulnerable application?
Email. An estimated 90 per cent of all hacking begins with an email phishing attack. Last year, Microsoft added Advanced Threat Protection for Microsoft Exchange Online. This identifies recognisable malware and suspicious code patterns in emails and stops them before they can do damage. Microsoft recently added new data governance features to Office 365 that include automatic alerts sent to users when someone attempts to copy and download their inbox. Cloud services are perennial targets for attackers seeking to compromise and "weaponise" virtual machines and other services.
"In a cloud weaponisation threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machines," the Microsoft Security Intelligence Report states. "The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, spam campaigns that can be used for email phishing attacks, reconnaissance such as port scanning to identify new attack targets, and other malicious activities."
Is there a solution currently?
The only solution is a combination of sound enterprise security policies and practices coupled with regularly updated security tools. That's especially relevant in the cloud computing era. The key is secure authentication. That's where FIDO (Fast Identity Online) comes in. FIDO is a not-for-profit industry consortium that was formed in 2012, has 260 members and works on specifications to support authentication tools such as biometrics (fingerprint and iris scanners), voice and facial recognition, smart cards, security tokens and others.
But that's not enough. Companies also need other tools to manage identities, regulate access (specific job roles should be denied access to areas out of scope), constantly monitor network and virtualisation-based security, and finally, provide a consolidated view of risk and potential vulnerabilities that can compromise an organisation's data.
The aim? Based on risk events, calculate a user risk level for each user. Every user is a potential data hazard and must be considered as such on the cloud. Microsoft Azure Active Directory Identity Protection calculates a user risk level for each user. This enables a company's security team to configure risk-based policies that automatically protect user identities. These policies, along with other conditional access controls, can automatically block the user or offer suggestions that include password resets and multi-factor authentication enforcement.
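The risk-based policy idea described above, sketched as an added example that is not Microsoft's code or Azure AD Identity Protection's actual scoring: open risk events are rolled up into a per-user level, and a policy maps that level to block, password reset or multi-factor authentication. The event names, severities, escalation rule and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

LEVELS = ["none", "low", "medium", "high"]
# Hypothetical risk event types and severities (not a vendor's real taxonomy).
SEVERITY = {"unfamiliar_location": "low", "anonymous_ip": "medium",
            "impossible_travel": "medium", "leaked_credentials": "high"}
# Policy checked from the strictest threshold down; the first match wins.
POLICY = [("high", "block"), ("medium", "require_password_reset"),
          ("low", "require_mfa")]

@dataclass
class RiskEvent:
    user: str
    kind: str
    when: datetime
    resolved: bool = False  # cleared by an earlier reset or MFA challenge

def user_risk(events, user, now, window=timedelta(days=30)):
    """Roll a user's open, recent risk events up into a single level."""
    open_events = [e for e in events if e.user == user and not e.resolved
                   and timedelta(0) <= now - e.when <= window]
    if not open_events:
        return "none"
    # Unknown event kinds count as "low" so they are never silently ignored.
    ranks = [LEVELS.index(SEVERITY.get(e.kind, "low")) for e in open_events]
    top = max(ranks)
    # Assumed escalation rule: two different medium signals together are high.
    medium_kinds = {e.kind for e, r in zip(open_events, ranks) if r == 2}
    if top == 2 and len(medium_kinds) >= 2:
        top = 3
    return LEVELS[top]

def decide(level):
    """Map a user risk level to the action the policy enforces."""
    for threshold, action in POLICY:
        if LEVELS.index(level) >= LEVELS.index(threshold):
            return action
    return "allow"

NOW = datetime(2017, 3, 31)  # constructed sample data below
SAMPLE_EVENTS = [
    RiskEvent("alice", "unfamiliar_location", NOW - timedelta(days=2)),
    RiskEvent("bob", "anonymous_ip", NOW - timedelta(days=1)),
    RiskEvent("bob", "impossible_travel", NOW - timedelta(hours=3)),
    RiskEvent("carol", "leaked_credentials", NOW - timedelta(days=5), resolved=True),
    RiskEvent("dave", "anonymous_ip", NOW - timedelta(days=60)),
]
```

Resolved events and events older than the window drop out of the calculation, which is why a user who has completed a password reset is no longer blocked.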
- The writer is a former BT journalist.