'Security threats have moved to the Web'
The world is not new to threats arising out on the Internet but its magnitude has left everyone stumped and this with security architects working round the clock to ensure that you are safe in the virtual world. But each year, newer weapons are being unleashed only to leave you surprised and annoyed. Jim Haskin, CIO, Websense Inc speaks to Prasad Ramasubramanian of CyberMedia News on the latest trends that his company is seeing and how one can be left well informed and armed to wage a war.
Excerpts from the interview:
With over 12 years in the Internet security domain, how do you view the security scenario across companies in the world? Would there ever be a 100 per cent solution with respect to data protection?
Today the majority of security threats have moved to the Web instead of e-mail and attackers' techniques have matured. This shift, coupled with the proliferation of collaborative Web 2.0 sites, has changed the threat landscape and the way businesses need to think about security. Traditional security defences such as firewalls, anti-virus software and intrusion prevention systems are no longer enough to safeguard data. Security technology providing real-time analysis, reputation management of the Web combined with the right processes and policies will result in a very robust solution for data protection.
Do you see a fresh pattern in the phishing attacks that are taking place and how does one combat that?
Phishing attacks, as with other attack methods, are becoming more targeted and stealthy than ever before. With whaling attacks, cyber criminals target specific individuals within a company for calculated financial gain, which is far removed from the mass spam attacks of a few years ago. Cyber criminals are also using world events to launch targeted attacks, shown by the recent phishing attacks on donation Web sites for the China earthquake. Businesses can combat these by ensuring they have real-time Web and email security in place to protect confidential and personal data. It is essential that businesses can protect against blended threats as today's phishing attacks are often designed to lure people out onto the Internet.
Why is it that sites of banks and financial institutions, defense/ministerial sites always end getting caught in the hacking storm? What is Websense's take on this scenario?
All industry sectors are at risk of security breaches and should take steps to protect against data loss. We see a heightened level of risk in finance and government sites. These sectors typically maintain a lot of high-value private information such as third party records (customer or partner data), explicitly marked confidential data and information relating to the general public. For the cyber criminal, launching targeted attacks on these sites offers the potential of higher financial gain.
As a company that pioneers in the web filtering technology, what challenges do you foresee in security space in the coming quarters?
With today's attacks aimed at stealing specific data rather than taking down a company infrastructure, traditional security for the network and devices is no longer enough to combat the myriad of threats toward businesses' essential information. In today's environment, organisations need to take a data-centric approach to their security strategy and to protect data against external and insider threats. A key challenge for businesses is that, despite this exposure to security risks, they need to allow employees access to Web 2.0 tools to use in a productive and safe manner. Shutting off access to these sites is no longer a viable solution as organizations need to harness the benefits of the Web 2.0 world.
With security of data creating ruckus in a day-to-day functioning of companies and with hackers from across the orb watching you closely on Web arena, does it call for stronger cross border cyber laws? What role would Websense play in this situation?
We do expect to see more stringent regulation for security breaches including those that involve the loss of personal data. In a recent survey of international security professionals conducted at the eCrime Congress in London, 96 per cent of respondents called for an enforcing body obliging global governments to work together to address cyber crime. Websense works with companies, governments and law enforcement agencies to address the issue of data loss. We are an expert in how organizations scan protect their essential information from emerging Web-based and email borne security threats and prevent sensitive information getting into the wrong hands.
Do you feel the role of CIO at times of web security threats and data protection gets highlighted more than what it is on other times?
Data security should be a priority board-level issue for every organization and one in which the CIO should play a very proactive and strategic part. In a recent survey, 79 per cent of security professionals believed the average organization is now under more pressure from stakeholders to introduce additional measures to protect against data loss, with 95 per cent stating the Board should be responsible for a security breach. It is right that the CIO takes a leading role in addressing security.
Reproduced from an article published by CIOL
© CIOL
The original article can be viewed here:
http://www.ciol.com/News/Interviews/Security-threats-have-moved-to-the-Web/...
Permalink Bookmark Digg this story
