Major cyber attacks underscore vulnerability of enterprise data
It’s like a scene out of a movie. Major headlines in recent days have centered on the China-based cyber attacks on search giant Google. The sophisticated attacks have shaken security experts. Google said the attacks resulted in the theft of intellectual property and happened after Google decided to end its practice of filtering search results in China. Google suspects the Chinese government is to blame. The act is so egregious for Google that it is poised to pull out of China, one of the most lucrative marketplaces in the world. (See related New York Times story.)
It also appears that source code was stolen from more than 30 major technology companies. Adobe Systems has confirmed that it was targeted by an attack, while other companies such as Juniper Networks, Northrop Grumman, and Dow Chemical reportedly also were targets.
For security experts, the breach highlights just how vulnerable the enterprise is, despite its aggressive moves to protect data. The number of devices that are connecting into the corporate network — such as smartphones, laptops and netbooks — along with the highly sophisticated practices of hackers creates a dangerous storm of security threats.
“There may be strong gateway security within the enterprise, but if a laptop is infected with malware, then as soon as the device that contains all of that [enterprise’s] important information is disconnected from the corporate network and reconnected via the Internet somewhere else, then all of that information is [pirated],” said Derek Manky, threat researcher with security firm Fortinet.
When it comes to smartphones, it’s easy for end users to configure their phones to receive corporate e-mail, while an increasing number of smartphones include full-browsing capabilities. With that comes the threat of malware and viruses, said Jonas Iggborn, product manager with security firm Check Point Software Technologies.
Most employees have a haphazard approach when it comes to smartphones, Manky said, adding that while employees are more cautious with their laptops, they need to be reminded that smartphones are vulnerable to attack too.
Solutions do exist to protect smartphones, but few entities are using them, experts say. And although security experts are doing their best to educate the enterprise, it may take a major breach to get the attention of IT people in the enterprise, said Philippe Winthrop, analyst with Strategy Analytics.
What do you think? Tell us in the comment box below.