https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Wireless Networks


The weakest link

The weakest link

When it comes to infecting enterprise networks, those who use them often are the biggest culprits.
  • Written by Urgent Communications Administrator
  • 1st February 2010

Ten years ago the biggest security headache facing the enterprise was an unsuspecting employee clicking on an e-mail attachment and launching a rudimentary virus that would render his computer inoperable. Today, the number of devices connecting into the corporate network — such as smartphones, laptops and netbooks — along with the highly sophisticated practices of hackers create a dangerous storm of security threats, say security experts.

“The most dramatic change is all of the devices people have that are capable of storing data and becoming infected,” said Rob Ayoub, global program director — network security with research firm Frost & Sullivan. “Maliciously or not, employees stand a greater risk of walking out with data that can be compromised.”

At a fundamental level, today’s work force is highly mobile, which poses security risks because devices accessing the corporate network also connect to the public Internet when away from the workplace.

“There may be strong gateway security within the enterprise, but if a laptop is infected with malware, then as soon as the device that contains all of that important information is disconnected from the corporate network and reconnected via the Internet somewhere else, then all of that information [can be pirated],” said Derek Manky, a threat researcher with security firm Fortinet.

Nefarious computer whizzes increasingly are finding a lucrative business in covertly stealing sensitive information via malware, worms and root kits — software systems that consist of one or more programs that are designed to hide a compromised system. For instance, the Conficker computer worm that takes advantage of flaws in Microsoft’s Windows operating systems now is believed to be the largest computer-worm infection. It is designed to be commanded remotely by those who created it, and once it infects a device, it scans for other vulnerable devices, infects them and relays information back, Manky said.

Experts say the black market for corporate information is now worth more than the international drug trade, and these thieves’ practices have become a sophisticated operation that often involves hiring affiliates willing to install malicious software on thousands of devices for as much as $100 per device.

For instance, a hacker known as NeoN in 2008 compromised the database of a cyber criminal scheme — one that involved distributing fake security software. According to Manky, NeoN later claimed in a Web post that the scheme’s top-earners made up to $150,000 per month distributing the software onto machines.

“Ten years ago, it was about making a name for yourself in the hacker world,” said Chris Herndon, managing director and chief technologist with MorganFranklin, an IT consulting company. “Now it has become a monetary incentive.”

The most vulnerable devices, experts say, are the smartphones that are flooding into the enterprise. These devices increasingly are being purchased by workers themselves as a way to stay connected outside of the office. And they are the most insecure devices at this point, experts say.

“One of the areas under-reported as far as threats go are smartphones,” Herndon said. “It is amazing what is out there in terms of malware targeting the mobile market. Once that device is tethered to the Internet … or back to the enterprise, it can provide access for the hackers.”

The flood of employee-owned smartphones coming into the enterprise is becoming a growing headache for IT managers everywhere. Devices such as Apple’s popular iPhone have not been designed with corporate security needs in mind. Since introducing the iPhone in 2007, Apple has made some major changes to address the enterprise, such as a remote-wipe capability that prevents access to data should the device br stolen or lost, but it is still far from secure, experts say. Indeed, hackers have been known to break into the iPhone in a matter of minutes.

“It’s easy for end users to configure their phones to receive corporate e-mail, and there’s a huge demand for full-browsing capabilities, [both of] which come with download threats associated with viruses and malware,” said Jonas Iggbom, product manager with security firm Check Point Software Technologies.

Check Point currently is working with mobile operators to pre-load its encryption software on mobile devices to encrypt the entire device, while other well-known security vendors such as Symantec have developed solutions for smartphones.

However, the problem largely lies with a lack of concern on the part of the enterprise, said Philippe Winthrop, enterprise analyst with Strategy Analytics.

“It’s frankly ridiculous that there is not enough concern,” Winthrop said. “Unfortunately, it may take a huge data breach for enterprises to listen.”

Added Ayoub: “We’ve done a lot of work looking at the mobile-security space. The biggest challenge is that no one sees it as a threat. There hasn’t been a big attack yet. Employees are haphazard with devices, and they don’t see them as a danger.”

The lack of concern largely stems from a lack of awareness. Hackers aren’t stealing information for publicity, while the enterprise doesn’t want to admit when a data breach occurs. “A lot of these large publicly traded companies aren’t going to divulge that their network was compromised via cell phones,” Herndon said.

When Herndon advises corporations on security threats, he often gets what he describes as the “dear-in-the-headlights face,” which changes to horror when they begin to understand just how vulnerable their systems are.

Manky said no security magic bullet exists. “You can’t just beef up security on the Web. Enterprises need multiple protection layers,” he said. Proper anti-virus, Web-filtering, application-control and intrusion-prevention solutions are important, but so is protecting the end points, including smartphones, laptops and storage devices, he said.

A recent survey from Check Point that queried 224 IT and security administrators found that while more than 40% of enterprises have more remote workers connecting to the corporate network, just 9% use encryption for remote-storage devices — such as smartphones, MP3 players and thumb drives — which tend to have large memory stores. The bottom line is that the more memory a device has, the more vulnerable it is.

Also important is developing a security framework that includes policy creation and enforcement, education, security tips and practices of which employees should be made aware, Manky said.

Indeed, Herndon said tools are available but a large part of a security solution is about changing the employee mindset. “That’s a hard market because it’s not a product you sell. The market is saturated with anti-virus, anti-spyware and other software that are integrated in the security presence. But it all comes down to the weakest link. What is the weakest link? It’s the end user willing to click on that [Internet or e-mail] link that allows that payload to come into the enterprise.”

Related Stories

  • Major cyber attacks underscore vulnerability of enterprise data
  • Data to go

MOTIVE TRENDS IN CYBER ATTACKS

1990s: Destruction
2000s: Monetary gain / stealth
2010s: Monetary gain/stealth + destruction

Source: Derek Manky

CRIME PAYS

Crime services pay affiliates to load malicious software per 1,000 machines. Prices vary by region:

USA: $110
Canada: $100
Asia: $8

Affiliates are used they have the infrastructure — they control botnets (connected network of infected machines) that can load such software.

They use this infrastructure to make cash by offering a service. Cyber criminals also sell tools (such as exploit kits) to launch attacks, which average around $1,000 USD per kit.

In 2008, a hacker by the name of NeoN compromised the database of a cyber criminal scheme — an affiliate program distributing so-called scareware. He indicated that top earners were making in excess of $150,000 USD per month distributing the fake security software onto machines.

Source: Derek Manky

Tags: Call Center/Command Wireless Networks

Most Recent


  • Verizon officials highlight role of 5G tech for responders during IWCE keynote
    LAS VEGAS—As the public-safety sector continues to expand its use of data-intensive applications, developments in 5G can provide the low-latency, high-bandwidth connectivity to meet these needs, Verizon officials said yesterday during a keynote address at IWCE 2023. Bryan Schromsky, managing partner for Verizon’s public-sector unit, noted that the carrier plans to complete its deployment of […]
  • Rescue 42 launches miniCRD deployable for FirstNet
    Rescue 42 yesterday announced the launch of its miniCRD (mCRD) for FirstNet, which provides much of the functionality of the company’s Compact Rapid Deployable at a much lower cost.and in an even more portable form factor—two ruggedized cases that are about the size of checked luggage. Rescue 42 CEO Tim O’Connell said the mCRD (pictured […]
  • IWCE 2023
    Safer Buildings Coalition conducts annual event at IWCE 2023
    A common theme ran through the Safer Buildings Coalition’s annual meeting Monday night during IWCE 2023 at the Las Vegas Convention Center—strength through collaboration. “The perception is that the challenge is ‘out there,’ and someday, maybe the challenge will come here,” said Billy Bob Brown Jr., executive assistant director for emergency communications within the Cybersecurity […]
  • The weakest link
    IWCE speakers debate state of public-safety interoperability
    LAS VEGAS—Achieving comprehensive interoperability for mission-critical communications used by U.S. public-safety agencies continues to be an elusive goal, according to speakers addressing the topic during a Monday session at the IWCE 2023 event in Las Vegas. Some view interoperability as the technical ability for one person to communicate with another, no matter what device or […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • The battle over connected cars drags on
  • UK officials revamp ESN plans again, target Airwave-to-LTE transition for end of 2026
  • PSCR: Dereck Orr highlights features of June 21-24 virtual event
  • FirstNet buildout on pace for March 2023 completion, AT&T official says

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Gallery: The last day of IWCE 2023 dlvr.it/SllQKJ

30th March 2023
UrgentComm

Video: Opening of the Expo Hall on day three of IWCE 2023 dlvr.it/SlkyNy

30th March 2023
UrgentComm

Verizon officials highlight role of 5G tech for responders during IWCE keynote dlvr.it/Slkh9n

30th March 2023
UrgentComm

Day three of IWCE 2023 features the opening of the Expo Hall dlvr.it/Slhgvr

30th March 2023
UrgentComm

Gallery: The Expo Hall opens on day three of IWCE 2023 dlvr.it/SlhfPT

29th March 2023
UrgentComm

Rescue 42 launches miniCRD deployable for FirstNet dlvr.it/SlgdtY

29th March 2023
UrgentComm

RT @IWCEexpo: 📽️ More sights from Day 2 at #IWCE23. It's been a fantastic start so far... Thanks to you! Tomorrow is another awesome spea…

29th March 2023
UrgentComm

RT @IWCEexpo: Ildefonso De La Cruz Morales, Principal Analyst-Critical Communications @OmdiaHQ takes the stage and kicks off tonight’s Keyn…

29th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.