Companies are finding that IT security threats come in a wide range of flavours--85 percent of computer security practitioners surveyed had detected viruses within their organisations, according to a Computer Security Institute/FBI study released earlier this year in the US.
And the figures don't look rosier closer to home. This year's Computer Crime and Security Survey--conducted by security advisory AusCERT, Deloitte Touche Tohmatsu and the NSW police--found that 67 percent of respondents had suffered a security incident in 2002, twice the level of 1999.
But the question isn't if these threats exist, it's whether companies are understanding and protecting corporate assets adequately.
Australia's Computer Crime Survey found that businesses here are protecting themselves in a variety of ways. This included physical security (91 percent); password protection (100 percent); access controls (96 percent); firewalls (96 percent) and anti-virus software (99 percent).
Yet, surprisingly, only 48 percent used encrypted login or sessions, with 47 percent using encrypted files. Other authentication techniques used were biometrics (four percent), digital IDs (46 percent) and smart cards (36 percent).
However, the authors of the survey didn't believe this necessarily meant a deficiency in security within Australian organisations.
"Such technologies are only useful if there is a recognised need to provide strong protection (confidentiality and integrity) to network data and services," the survey stated. "And if they are implemented as part of an overall security policy framework which makes provision for monitoring and maintenance of this technology and the information systems they seek to protect."
What are hybrid threats?
The growing complexity of security threats creates new issues for enterprises to deal with as they try and protect themselves.
In 1999, AusCERT started to see a distinct trend in the hybridisation of viruses, according to the not-for-profit organisation's training and education manager, Mark McPherson.
McPherson believes the term has widened to include attacks where there's the ability of a particular attack tool to insert malicious code into a server and make that server in turn attack clients. "It's equivalent to what hackers may have had five years ago as a personal skill set, and it's transferred into software-automated attack tools," he said.
Hybrid threats are also known by other terms, for example security vendor Symantec refers to them as blended threats. According to information provided by Symantec, these threats are characterised by the fact they're multi-faceted in their operating methods and effects.
"Blended threats require comprehensive security solutions that provide multiple layers of defence and response, with triggers to pre-determined responses when threats are encountered," it states. "Comprehensive security solutions include the ability to secure all levels within the IT infrastructure (gateway, server and client) as well as the ability to apply complementary security functions in a synergistic fashion."
Symantec sees one of the most dangerous characteristics of a blended threat being that it exploits vulnerabilities, for example unauthorised administrative access to servers such as opening up the information stored on the server at the root level.
Exploiting known vulnerabilities such as buffer overflows, http input validation vulnerabilities and known default passwords are other threats the vendor cites.
Likewise, Dean Kingsley--partner of enterprise risk services at professional services firm Deloitte Touche Tohmatsu--sees hybrid threats as a challenge for corporates. "[It's] relatively undiscriminating, in terms of who it's attacking," Kingsley said.
"I think that generally organisations need to assume they face some level of threat from these automated attacks," Kingsley warned.
Examples of ways automated attacks could be set up, which Kingsley used, are by trying to bypass a firewall, exploiting open services on a Web server, or weaknesses in the way mail protocols are set up.
Among the counter measures enterprises Kingsley suggested enterprises could use are firewalls in serial, strong patching of any servers, and closing network shares.
