Online security spending up as cyber threat looms

The credit crunch has pushed companies in the Middle East to spend more on protecting their data from spam, phishing and other forms of malicious software (malware) attacks, say industry sources.

Over the years, the world wide web has become a breeding ground for viruses that could destroy computer systems and cause hefty financial damage to businesses worldwide.

According to the monthly Threatscape Report of US-based network security provider Fortinet, the level of malware detected in 2009 has been consistently rising since September, eventually reaching its peak in November. This was attributed to the discovery of new variants of botnet such as Pushdo/Cutwail, which downloads Trojan worms.

In October, a research conducted by Symantec revealed that over 250 distinct rogue security software programmes have been detected between July 1, 2008 and June 30, 2009. The company also reported that about 43 million rogue security software installation attempts have been done during the research period.

Denis Maslennikov, senior malware analyst at Moscow-based Kaspersky Lab, said companies are faced with the task of constantly updating their security protection to keep viruses at bay.

“Vulnerability is everywhere, irrespective of regions. Many of those detected are critical. Even common document format such as PDF files can be prone to malware attacks. For instance, many users have installed vulnerable version of Adobe Reader, which is used to open PDF documents. This vulnerable version can be hacked by cyber criminals,” he said.

Middle East firms continue to receive anti-virus shots

Hamed Diab, McAfee, Inc’s regional director for the Middle East, says companies in the region have actually been investing more to safeguard their data.

“The credit crisis has actually made our customers more aware of potential security risks and the need to have a more secure and reliable in-house data operation. This means instead of reducing funding, they invested a little bit more on security in order to achieve business continuity,” Diab said.

This trend is also observed by other security providers such as Symantec and Kaspersky Lab.

Johnny Karam, Symantec’s regional director for Middle East and North Africa, said despite the prevailing economic condition, corporate board members are not hesitant to spend on security as they consider this to be their top priority.

“Today, lots of organizations are downsizing and letting their employees go as part of their restructuring programme. Companies, however, want to make sure that official data stay in the company and not leave with employees who have just been made redundant,” he explained.

Data leakage prevention, added Karam, is a crucial objective that many regional firms share.

“The traditional security of protecting the organisation from bad information coming into their system through viruses is still important. However, making sure that the good data stays in the company is also very significant,” he said.

Tarek Kuzbari, managing director of Kaspersky Lab Middle East, said the crunch has definitely affected the market, but not in terms of spending.

“The effect can be seen more on the consumers’ behaviour regarding purchasing – how companies spend their money. Customers nowadays are really looking for the value that security vendors are providing. They seek vendors that they trust and can work with,” Kuzbari mentioned.

Social networking as hackers’ hot target

Websites such as Facebook, Twitter, Flickr, MySpace, hi5 and the likes have managed to find their way into office computers as they become an “essential” part of some internet users’ day-to-day life.

But social networking sites are not just virtual meeting place for friends. They are also infamous playgrounds for computer worms and viruses. Facebook, for instance is known to be most at risk from a type of Koobface virus, which posts malicious links that when activated, could control the computer and steal personal information.

Symantec’s Karam said social networking sites pose a two-fold risk. First, it’s a virtual gateway to social engineering for hacking, and second, it promotes a lax attitude toward information sharing.

“Hackers can gather information about people based on the details social networking site users voluntarily share on the internet. If information such as name, date of birth and address are easily accessible, hackers can steal part of someone’s identity and sell it to a black market, which is fast becoming a thriving underground economy,” Karam said.

He added that people should be educated on how to enjoy using social networking sites without compromising their privacy and online security.

Maslennikov of Kaspersky Lab said social sites have been gaining popularity for spam and phishing activities because it is a way of making money illegally. “It offers a lot of avenues for cybercrimes – not just spreading spam and malware, but identity theft as well. Users really need to have excellent security system to protect them from both ends,” he commented.