Today’s workforce is more efficient than ever, utilizing communications and storage devices that make the transfer of information fast and convenient. However, the time these tools save can be lost as a result of the data security risks the devices pose for the companies that use them.
Vista Research reported last year that 70 percent of security breaches involving losses over $100,000 were perpetrated from inside the enterprise. It is becoming increasingly apparent that many companies have bypassed adequate internal security measures in the race to be constantly connected and, by extension, perpetually productive. Eventually these companies find themselves sidelined by exposed weaknesses or malicious attacks damaging their corporate reputation and negatively affecting their bottom-line. Below we outline four recurring threats to data security.
One growing threat is the malicious use of keylogging technology. A keylogger is generally either a hardware dongle or a software trojan that collects and records keystrokes. Given that most of a company's valuable information – passwords, usernames or PIN codes – is entered into a computer via a keyboard, this particular threat is a very efficient way to secretively obtain highly sensitive information. Worse, barriers are low as it requires little in the way of technical expertise from the attacker. While software trojans can be detected by various anti-malware security products, hardware keyloggers present more of a challenge.
A highly publicized threat to enterprise endpoints comes from digital media players, which may store many gigabytes of data. These gadgets are becoming smaller as technology allows and as their popularity grows. A quick scan of most office environments will likely reveal several employees with this type of device connected to a PC or laptop. How can management ensure that these seemingly benign devices are not being used to "bring work home" and therefore seriously compromise data security? How can the IT staff determine that these devices are not being used by an attacker to download confidential files or disrupt the enterprise network through physical access to corporate endpoints?
Smart USB drives
A smart storage device, such as a U3 drive, contains both data and applications on a single storage unit. This gives the user a framework to install applications freely on the device and then run the applications on a computer utilizing the Windows "autorun" feature. The programs can then launch automatically whenever the device is connected to the computer. Sounds convenient, but problems arise when viruses are written to target these devices – efficiently launching on each computer or laptop to which the device is connected.
An open window to the OS
This last vulnerability requires the highest level of attacker sophistication. Security vulnerabilities are found in virtually every software product on the market today. Reading through various security blogs on a weekly basis, numerous security vulnerabilities such as buffer overflows can be found. It was only a matter of time until vulnerabilities were also found in driver stacks in an operating system's kernel. Five such vulnerabilities in Windows were reported by our company's research team in June. Every system running the Windows operating system without additional protection is vulnerable to these bugs. Thus, rogue USB devices can be created which exploit these bugs and effectively allow outsiders to gain control of a machine. Even if the machine is locked, the USB device is capable of compromising that computer's security mechanisms.
These are just a few of the endpoint security threats organizations are facing, prompting IT departments to look at how information is being accessed from within the corporate network. Enterprises today are making internal security – and specifically internal access to network resources – their highest priority, even above gateway solutions like antivirus and firewalls. The protection of valuable information in the workplace has made enormous strides – from locked filing cabinets to encrypted drives the size of a cigarette lighter. But the challenge remains the same: How can an enterprise provide access to key information without exposing it to risk, yet maintain efficiency without compromising security?
While there does not appear to be one magic answer, the road to a secure enterprise begins with awareness and proceeds through policies. Through subsequent columns, we look forward to providing a modern roadmap which will help enterprises utilize technological shortcuts while maintaining a secure path.
Gil Sever is CEO of Safend.