Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
Those who would do harm to our computer systems for profit or malice always manage to focus their efforts on our most vulnerable weak spots. Today, that is the web, for a wide number of reasons.
- Ubiquity: Everyone uses the web all the time for all types of activities. Because individuals tend to trust major sites such as Google, Amazon and Yahoo, it’s easier and more attractive for cybercriminals to target users at these sites. According to one report, in the second half of 2011, 30,000 new malicious URLs were created every day.
- Social Networking: Again, playing into user habits, comforts and vulnerabilities, criminals are increasingly targeting social networks. In one survey, more than 70% of users said they or their colleagues had been spammed on a social networking site, 46% had been the target of phishing exploits and 45% were sent malware. Yet, despite the growth in threats through social networking, 70% of small and midsize businesses still have no policies in place for employee social media use.
- Increased Mobility: Everyone is more mobile, driven by the dramatic growth of powerful smartphones, tablets and mobile applications. Unfortunately, increased mobility has made us much more vulnerable to attack. Smartphones are part of the consumerization-of-IT trend, and they tend to be less secure than devices designed for businesses. What’s more, users often keep their smartphones on all the time, making them much more vulnerable and inviting as a target. The number of malware attacks aimed at mobile devices rose by 185% in less than a year through the first part of 2012 compared with the previous year, according to a congressional report by the U.S. Government Accountability Office.
- BYOD: Organizations are finding that they have no choice but to support the bring-your-own-device phenomenon. Users are hooking up to the corporate network whether their devices are sanctioned or not. They are also bringing all of their bad personal computing habits to the corporate network, which is particularly dangerous if IT has not set up adequate policies and safeguards. So here we have devices that can access valuable corporate data and networks being used to go to web sites that are highly vulnerable.
A Challenging Threat Landscape
Just how challenging and dangerous are the threats? Here’s the bad news, according to a wide variety
- More than 30,000 web sites are infected every day, and 80% of those sites are legitimate.
- Approximately 85% of all malware, including viruses, worms, spyware, adware and Trojans, comes from the Web. Today, drive-by downloads have become the top Web threat.
- Malicious sites increased by 240% in 2011 compared with 2010, driven largely by the growth of malware networks, or malnets, as a mode of attack. A malware network directs users visiting trusted sites to malware via relay, exploit and payload servers that continually shift to new domains and locations. According to one report, the average business confronts 5,000 malware threats every single month. Where do the attacks enter the organization? Some 40% come from search engines, 13% from mobile devices, 11% from e-mail and 6.5% from social networking.
- The Web Application Security Consortium (WASC) lists a total of 34 different types of threats that can compromise a web site, its data or its users, ranging from content spoofing and cross-site request forgery to HTTP response smuggling and XML injection, among dozens of others in between. And those are just threats focused on web applications. Then add in some of the additional ways in which cybercriminals commonly use the web to distribute malware: black-hat search engine optimization, social-engineered click-jacking, spearphishing sites, malvertising, compromised legitimate Web sites and drive-by downloads.
The other bad news is that the bad guys are becoming increasingly coordinated and sophisticated. As noted by one major security report:
“The sophisticated business models used by cybercriminals have allowed tools and services once reserved for the cybercrime elite to be made available on the black market as commodities. The more savvy criminals offer their goods and services to those who may be starting out or are in need of setup and instructions. Whether selling off-the-shelf botnets, Trojans by the binary or Zeus recompiles, the underground is loaded with tools to allow any ‘newbie’ cybercriminal to launch an attack.”
Successful web security attacks can, of course, be devastating. The average cost of a data breach is $5.5 million, and the cost of losing a single record is $194, according to the 2011 Cost of Data Breach Study by the Ponemon Institute. Lost business costs alone averaged $3.01 million and, for the first time in the study’s history, malicious or criminal attacks accounted for more than a third of the total breaches. Further, malicious attacks have been the most costly of all types of breaches.
Taking Action to Address Web Threats
The good news is that leading vendors in the security technology industry, such as Webroot, are providing a wide range of innovative solutions to enable small and midsize businesses to stay on top of this changing threat landscape and prevent damaging attacks. Foremost among these solutions are secure web gateways and, specifically, the rapidly growing market for cloud-based secure web gateways. So what are secure web gateways, and how do they protect small and midsize businesses? Here is a definition from research firm Gartner:
“A secure web gateway (SWG) is a solution that filters unwanted and malicious software from user-initiated web/Internet traffic, and enforces corporate Internet policy compliance. SWGs must, at a minimum, include URL filtering, malicious code detection and filtering, and application controls for popular Web-based applications. Native or integrated content-aware data loss prevention (DLP) is also increasingly included.”
The fastest growing segment of the SWG market is in the cloud, where SWG as a service is projected to grow by about 35% in 2012, according to Gartner. There are significant advantages to deploying a cloud-based secure web gateway, particularly for SMBs that need to get security solutions up and running quickly and inexpensively.
By using a cloud-based SWG, organizations don’t have to spend money on hardware and software, and they also save money over time on maintenance, updating and service. What’s more, a cloud-based service provides a more secure perimeter for the organization, especially with the growth of mobility, the shift to the BYOD paradigm and the growing deployment of less secure platforms like tablets and smartphones. How can a cloud-based service give you more protection?
- Better defense against zero-day threats and spam servers
- Real-time threat detection and immediate deployment
- More comprehensive signature and URL databases
- Better performance
- Fault tolerance
Of course, not all cloud-based secure web security solutions are created equal. In looking for a solution, SMBs should focus on certain key characteristics. Does your provider offer service-level agreements (SLAs)?
Does the service enable users to authenticate directly to the service from any location, supporting policy enforcement for roaming users while ensuring that users can’t bypass company policy?
Does the solution take advantage of a comprehensive, cloud-based malware detection service to enable real-time protection against threats as they are discovered? Does it utilize a small client plug-in that makes it simple to deploy on all devices, without having any impact on the user experience or network performance?
In weighing all of the features an SMB should be looking for in a secure web gateway, there are many possible solutions, both cloud-based (Webroot) and office-based (ISA Server or the new Forefront Threat Management Gateway 2010). Call Wimbledon It Services to discuss suitable solutions for your business.