Rise of the 'professional cyber criminal' forecast at security summit

Jul 20, 2005: A clear transition from security breaches by ‘bored teenagers’ to attacks by ‘professional cyber criminals’ targeting government, the private sector and consumers is taking place. This, and other predictions and analysis of global and local security issues, were revealed at Gartner’s first Security Summit ever to be held in Asia Pacific, which has been taking place in Melbourne over the last two days.

Gartner’s research vice president of the Information Security and Risk practice, Rich Mogull, believes that security threats are now escalating in the public and private domain, as criminals seek new profits. “We’re seeing more serious attacks, with direct attacks on financial services and critical infrastructure using targeted viruses, increasing numbers of botnets, and greater consumer fraud using phishing and malicious software like Trojan horses to steal consumers’ information,” stated Mogull.

Mogull offered the view that recent high profile attacks such as the Mastercard/Visa breach (where 50,000 Australian MasterCard and 77,000 Visa card holders were exposed to the worldwide card scam) are strong indicators of a new, truly global security environment.

“What we’re seeing here is definitely a new era: security is gaining greater prominence and executive access than in the past. With ever increasing global and local threats (both to business and consumers), new business needs, cost controls, and regulatory requirements, there will be opportunities for security professionals around the globe to leverage executive attention and to demonstrate value during the next 12 to 18 months,” said Mogull.

Gartner views Australia and New Zealand as less protected than other developed markets, such as the US, for a number of reasons:

- There are fewer suppliers/vendors of information security tools/technologies;

- Often technology managers/CIOs have fewer resources to work with, a lower level of executive support, funding and less support/competition from the vendor community;

- Although Australia faces the same global threats as any region, it has less access to cutting edge security tools that are usually first tested in other Western markets; and

- Australia has a more consolidated infrastructure, with fewer than 10 major financial institutions responsible for managing organisations and individual bank accounts, allowing for a higher potential hit rate for attackers and for phishing to be more effective than in other developed markets.

On a more positive note, Gartner sees certain advantages for Australia. Examples of fraud seem to be more isolated to individual accounts, not an entire financial identity, in large part because Australia does not have a national identification number, like a social security number, that ties together all relevant consumer financial information – something that is a growing issue in the US, and a topic of recent discussion in Australia.

Gartner recommends that Australian government departments and businesses (especially financial institutions) learn from their US counterparts: wait and see which technologies prove effective before implementing new products and tools.

Gartner finds that globally most organisations are using regulatory pressure (Sarbanes-Oxley, Basel II et al) to fund security projects and to integrate security more tightly with business units.

“It’s the excuse that security professionals have been waiting for to force business integration. But some organisations are completely distracted by reporting and ongoing audits. Organisations must focus on getting secure before worrying about showing that they are secure. Protect customer data first, then document it, not the reverse,” cautioned Mogull.

“The key to being proactive in security is to focus on removing vulnerabilities before threats arise. The most important way to do that is to buy the most secure hardware and software possible and to force all vendors, suppliers and business partners to continually improve their security. In security, the best defence is a good offence, and the more proactive you can be, the more secure you will be,” concluded Mogull.
