Malware is going to be ugly in 2013. BitDefender is already calling this "The Year of Mobile Malware," which should send shivers down the spines of anyone playing with BYOD.
In addition to all the usual PC-based viruses and Trojans, IT now has to add rogue cellphones and tablets from the unprotected wild to its list of threats. Device-level anti-malware is more important than ever.
Still, it's easy to get too wrapped up in endpoint anti-malware at the expense of your broader network protection strategy. Two recent Gartner blogs have pointed out very different vulnerabilities that are equally important, and a good security system needs to address them all.
In Playing Chess with APTs, Gartner's Dan Blum argues that fortifying firewalls and locking down endpoints are noble goals, but by themselves they provide an outdated and insufficient security design. To Blum, the enterprise needs to extend its reach beyond the firewall through Secure Web and Email Gateways, while simultaneously developing internal procedures for sensing, analyzing, and sharing data about threats that do make it past the perimeter.
Blum raises excellent points. Attackers' tactics evolve daily, and the volume and variety of traffic crossing our networks grow every year, yet our moat-and-castle defenses haven't changed in two decades. Spreading your security footprint and gathering intelligence quickly are the new keys to survival. Blum told me more in an email exchange:
Companies should develop operational efficiency on stopping malware. This means not only deploying state-of-the-art protection tools, but also employing change management, virtual re-imaging and integrity monitoring technologies to bulletproof the critical data center environment. But even with that, assume that sophisticated and persistent groups of adversaries can reconnoiter and work around any static defense. If your organization is thought to be at heightened risk of targeted attacks, also deploy advanced security monitoring tools and subscribe to threat intelligence services.
Malware isn't your only risk, and it might not be the biggest. In More on Internal Data Loss Incidents, Anton Chuvakin cautions against sloppy policies that could (and probably will) cause more damage than any super-virus. Even the most hardened perimeter is useless if everything on the inside is wide open.
The highest-profile hack of this century was allegedly conducted by a single man with a recordable CD. According to charges filed by the US government, Private First Class Bradley Manning downloaded hundreds of thousands of sensitive and classified files and cables.
How was an enlisted soldier able to access that much data? Poor planning and lazy design.
Any system that allows partners and employees free rein is a lost cause long before the malware arrives. Social engineering, spear-phishing, physical device theft, and other non-malware attacks can bypass even the strongest external barriers, and businesses need to be able to identify and contain threats when they arise.
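The opposite of "free rein" is a single chokepoint that every data retrieval passes through, enforcing need-to-know and noticing when one account pulls far more than its job requires. The example below is added to show what that looks like in code; it is not from the article's sources and does not describe any real system. Clearance levels dominate document levels, compartments must be held exactly, and a sliding-window counter throttles bulk retrieval. The principal, the documents and the limit of 20 documents per 60 seconds are all constructed for the example.

```python
from collections import deque
from dataclasses import dataclass

# Constructed ordering of classification levels; a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Document:
    doc_id: str
    level: str
    compartments: frozenset  # need-to-know markings, e.g. {"PROJECT-A"}


@dataclass(frozen=True)
class Principal:
    name: str
    clearance: str
    compartments: frozenset  # compartments this person has actually been read into


def authorize(user, doc):
    """Need-to-know check: clearance must dominate the level AND every compartment must be held."""
    if LEVELS[user.clearance] < LEVELS[doc.level]:
        return False
    return doc.compartments <= user.compartments


class BulkRetrievalMonitor:
    """Sliding-window counter: flags a principal who pulls more than `limit` docs in `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._events = {}  # principal name -> deque of retrieval timestamps

    def record(self, user, now):
        queue = self._events.setdefault(user.name, deque())
        queue.append(now)
        while queue and now - queue[0] > self.window:
            queue.popleft()
        return len(queue) > self.limit


def fetch(user, doc, monitor, now, audit):
    """The one path to document contents: authorize, then rate-check, then log every outcome."""
    if not authorize(user, doc):
        audit.append(f"DENY {user.name} {doc.doc_id} ({doc.level}/{','.join(sorted(doc.compartments))})")
        return None
    if monitor.record(user, now):
        audit.append(f"THROTTLE {user.name} exceeded {monitor.limit} docs in {monitor.window}s at {doc.doc_id}")
        return None
    audit.append(f"ALLOW {user.name} {doc.doc_id}")
    return f"<contents of {doc.doc_id}>"


def demo():
    """Constructed scenario: one analyst scripts a pull of an entire corpus, one doc per second."""
    analyst = Principal("analyst", "SECRET", frozenset({"PROJECT-A"}))
    corpus = [Document(f"cable-{i:04d}", "SECRET", frozenset({"PROJECT-A"})) for i in range(30)]
    corpus.append(Document("cable-ts", "TOP SECRET", frozenset({"PROJECT-A"})))   # above clearance
    corpus.append(Document("cable-b", "SECRET", frozenset({"PROJECT-B"})))        # wrong compartment
    monitor = BulkRetrievalMonitor(limit=20, window=60)
    audit = []
    retrieved = sum(
        fetch(analyst, doc, monitor, now=float(i), audit=audit) is not None
        for i, doc in enumerate(corpus)
    )
    return {
        "retrieved": retrieved,
        "denied": sum(line.startswith("DENY") for line in audit),
        "throttled": sum(line.startswith("THROTTLE") for line in audit),
        "audit": audit,
    }


if __name__ == "__main__":
    outcome = demo()
    print({k: v for k, v in outcome.items() if k != "audit"})
    for line in outcome["audit"][-4:]:
        print(line)
```

The throttle is deliberately crude; a real deployment would set the limit from each role's observed baseline and route a THROTTLE event to the people who investigate, because the point is not that the 21st download is blocked but that someone is told about it while the account is still on the network.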
Malware is important, and building a strong fence against it is critical, but every fence has holes. To be effective, your business needs a holistic security policy that does what it can to minimize intrusions, locks down intruders when they get through the gates, and provides the information you need to shut down the threat as quickly as possible.