
A is for Authentication
With ID theft currently one of the fastest growing crimes, protecting customers with more rigorous security measures will continue to be a top priority. Two-factor authentication, which replaces the traditional ‘username and password’, is one strategy that the banks have been rolling out for those who bank online. In the future we could be scanning a finger once biometric authentication really takes off.
B is for Breaches
C is for Convergence
The convergence of IT security and risk management will continue apace throughout 2008, as more companies look to tightly integrate security into an enterprise risk management approach that also encompasses compliance, legal, insurance and other risks. In 2006, 73 percent of companies integrated IT security with their overall risk strategy.
D is for Distributed Denial of Service
Distributed Denial of Service (DDoS) attacks can be crippling for any business – let alone a bank or company that relies on the majority of its income coming from the online world. Prolonged downtime from these attacks – especially for a financial institution – can create mass hysteria among customers and lost business, not to mention the long-term reputational damage. Firms are advised not to give in to the perpetrators' demands and pay a ransom. However, it only takes one company to oblige and the gangs will keep up their campaigns. But if reports are to be believed, 2007 was the year that attackers began to switch their focus from DDoS attacks to more cloak-and-dagger methods for conning businesses and individuals.
E is for Encryption
F is for Federated identity
Federated identity management – a system that allows individuals to use the same username, password or other personal identification to sign on to the networks of more than one enterprise in order to conduct transactions – is all about access.
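What makes one set of credentials usable across several enterprises is that the partner services never see the password: an identity provider authenticates the user once and hands out a signed assertion that each partner verifies. The added example below (not code from the article) is a minimal version of that exchange. The token layout mirrors a JWT signed with HMAC-SHA256; real federations normally use SAML or OpenID Connect with asymmetric keys. The issuer, audience names and shared key are hypothetical demo values.

```python
# Added example, not from the article: a minimal federated sign-on
# exchange. The identity provider (IdP) authenticates the user once and
# issues a signed assertion; each partner service (SP) trusts the IdP's
# signature instead of asking for the user's password again.
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def issue_assertion(idp_key: bytes, issuer: str, subject: str,
                    audience: str, issued_at: int, ttl: int = 300) -> str:
    """IdP side: bind who (sub), from whom (iss), for which service (aud)
    and until when (exp) into one HMAC-SHA256 signed token."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": issued_at, "exp": issued_at + ttl}
    signing_input = f"{_segment(header)}.{_segment(claims)}"
    sig = hmac.new(idp_key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_assertion(token: str, trusted_idps: dict, my_audience: str, now: int):
    """SP side. Returns (True, subject) or (False, reason). The algorithm
    is pinned rather than taken from the token, the key is selected by
    the claimed issuer from a trust list, and the audience check stops a
    token minted for one partner being replayed at another."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    head, body, sig = parts
    try:
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        return False, "undecodable token"
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    key = trusted_idps.get(claims.get("iss"))
    if key is None:
        return False, "untrusted issuer"
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False, "bad signature"
    if claims.get("aud") != my_audience:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return False, "expired"
    return True, claims.get("sub")


# Constructed federation: one hypothetical IdP trusted by partner services.
IDP_KEY = b"constructed-shared-key-for-demo-only"
TRUSTED_IDPS = {"https://idp.example": IDP_KEY}

if __name__ == "__main__":
    t0 = 1_200_000_000
    token = issue_assertion(IDP_KEY, "https://idp.example", "alice",
                            "https://bank.example", t0)
    print(verify_assertion(token, TRUSTED_IDPS, "https://bank.example", t0 + 10))
    print(verify_assertion(token, TRUSTED_IDPS, "https://broker.example", t0 + 10))
    print(verify_assertion(token, TRUSTED_IDPS, "https://bank.example", t0 + 600))
```

The access decision therefore rests on three things the partner controls: which issuers it trusts, which audience value it expects, and how long it accepts an assertion after issue.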
G is for Governance
The security of information has become a watchword not just for IT, but for the executive suite as well. Security governance requires a coherent system of integrated security components (products, personnel, training, processes, policies, etc.) that exist to ensure your organization survives and (hopefully) thrives. As a security professional, you need to understand that security must be implemented throughout the organization, and that having several points of responsibility and accountability is critical.
H is for Handhelds
I is for IM
J is for Junk
Junk is back, and last year was an extremely active one for messaging security. It saw the return of spam as a major concern, largely driven by advanced image-based spam (10 times more prevalent than text spam). And even though spam was in the forefront, viruses did not go away – while the frequency and size of attacks decreased, the sophistication and maliciousness of these outbreaks increased. While the industry continued to fight spam and viruses, spyware and malware also flourished in 2007, with two major tactical shifts during the year. The result? A busy year for internet security and predictions for an even busier 2008.
K is for Know your enemy
L is for Layered defense
M is for Malware
In 2006 just one in 337 emails was infected (down from one in 44 in 2005). However, while this kind of threat is in decline, devious malware authors have many new tricks to play. Trojans currently outnumber Windows viruses and worms by a ratio of 4:1 and rising. Trojan attacks are spammed out in campaigns that mutate in a matter of seconds in order to evade detection. Spyware is the second highest security concern for businesses. 2007 also featured an explosive growth in web-based downloaders – spammed messages linking to infected websites where spyware can be downloaded onto business computers.
N is for Network access control
O is for Outsourcing
P is for Phishing
Phishing continues to be a serious headache for the security officers at the banks. Research shows that just a small percentage of recipients of phishers’ bogus emails are duped into divulging their personal details. This may seem insignificant but the fraudsters can still make serious money out of this crime. Indeed, last year in the US more than $3 billion was lost to these scams, according to a survey by Gartner. It was reported that 3.6 million adults lost money in phishing attacks in the 12 months ending in August 2007, compared with 2.3 million the year before.
Q is for Quality
R is for Regulatory headaches
S is for Sensitive data
T is for Trojans
U is for The Unknown
Unknown attacks are quickly becoming the next great information security challenge for today’s organizations. As the window of time between the disclosure of a new vulnerability and the emergence of unique threats that operate against it continues to shrink, so does the effectiveness of many conventional countermeasures.
V is for Microsoft Vista
Vista was undoubtedly the big event in computer security in 2007. But despite fears over its vulnerabilities when it was launched around a year ago, it’s fair to say that it is proving to be the most secure version of Windows so far. According to Microsoft, Vista was built with security in mind – and it shows. The software giant’s recent Security Intelligence Report found there were 60 percent fewer malware infections in the first six months of 2007, and that potentially unwanted software was 2.8 times less prevalent on Vista than on Windows XP SP2. No software is without flaws, and Microsoft chiefs will no doubt have their work cut out over the next 12 months.
W is for Wi-Fi
X is for OS X
Apple computers have long been prized for being virus-free. But as more people begin to use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware. Indeed, 2008 has been penciled in by many as the year the Mac platform takes a serious hit in terms of security.
Y is for You, the user
It’s a sad fact that no matter how good your security features and policies are, the human element will always be the weakest point in your overall defenses. Whether it be poor or lazy password choices that provide an easy way in for hackers, credulous users falling for phishing or other such social engineering scams, sensitive information being exposed through lost laptops and other mobile devices, or even insider threats from disgruntled employees, the user provides a host of opportunities for your security to be breached.
Z is for Zero-day