Cyberthreats Evolve Inside Cloud, Mobile

by Luke Jones  on Monday, Jun. 10, 2013 12:00 am  

The vast and changing world of computer viruses and malware requires a similarly vast world of security to counteract it, especially for companies providing managed data services for other companies.

Little Rock’s Acxiom Corp., for example, offers a secure cloud service for business and claims that cybercrime costs consumers $110 billion per year.

Windstream Corp., which has been growing its managed data services, spends millions of dollars a year on security vendors and safeguards against cyberthreats.

“As we grow our network we need more security for the network,” said Terry O’Brian, a senior consultant for product development at Windstream in Little Rock. O’Brian helped develop the security systems for Windstream’s managed networks.

“More firewalls, more [intrusion prevention systems], more backup capabilities,” he said. “We’ve got groups that make sure that our internal networks stay clear of malware and viruses, and we do business with an ecosystem of security vendors to achieve that.”

Mobile Threats

The task of managing all that security is made more difficult as more and more security threats are coming from within companies instead of without.

As recently as two years ago, O’Brian said, most cyberattacks were economic or political and were directed externally.

“But I think what we’re seeing in the industry is more of a shift to have more internal threat factors,” he said. “It makes sense when you think about mobile devices in particular, with people having more smartphones and tablets in the workplace.”

For example, malware could become attached to a worker’s tablet and gain access to both the user’s private email account and the corporate email account linked on the device.

“Then it would be able to learn something about the email infrastructure of their company,” O’Brian said.

And mobile malware is on the rise.

“One of the biggest coming trends we see in the next year is mobile malware,” O’Brian said. “Particularly in some operating systems. Apple has got pretty good control of iOS, but Androids are the Wild, Wild West, especially earlier releases.”

Methods to combat this threat are still being developed, O’Brian said.

“There are solutions out there which essentially take your iPhone and divide it into a private side and a public side,” O’Brian said. “The private side has a set of IT policies from the company that say where you can go and what you can do, and they can encrypt the data that you store.”

Malware on mobile devices has increased by 500 percent during the past several years, O’Brian said, while malware on PCs has remained fairly stable.

Because Windstream isn’t a mobile operator, it doesn’t have to deal directly with such threats, but it still has to protect its cloud customers.

“We have a whole suite of products,” said Kelley McCasland, a consultant who markets Windstream’s security products. She said Windstream has several types of firewalls, Web and email security products, and intrusion prevention systems.

Another emerging security threat, O’Brian said, will be from machine-to-machine exploits, wherein devices with built-in computers are reprogrammed. This could mean anything from a washing machine never finishing its cycle to missile firing systems self-destructing.

“Maybe they’ll target home security systems, or terrorists will go after airports,” O’Brian said. “Along with mobile systems, that’s going to be the next crunch area for malware.”

Expert Advice

How often should a company change or update its security systems? We put the question to both O'Brian and McCasland.

McCasland: “At least annually. And really, I think that’s why there’s more reason to go with a service provider to do that for you, so you don’t have to worry about making those updates.”

O’Brian: “My response is probably at least every day. Because of the statistics on new viruses, Web attacks and application attacks discovered in a typical week, we’re talking about over 100,000. One of our major partners finds, in the wild, a few viruses every week, a couple thousand app-based attacks and just literally thousands of new attack signatures or variations of old ones.”




Please read our comments policy before commenting.