Anti-Virus Software Is Not Enough

Nick Rossiter, Regional Director Russia/CIS, Symantec Corporation

The Internet security threat landscape has become more sophisticated and more aggressive, requiring a more sophisticated form of protection for computers and users. Malicious activity has increased sharply over the past year, compelling users to adopt more sophisticated protection software. Ninety percent of malicious code activity concentrates on stealing confidential information. Malicious activity continued to grow at a record pace throughout 2008 and into 2009.

Traditionally we just looked at keeping the bad things out; now it’s about keeping the good things in as well! The information companies have and need to run their businesses is growing at over 60 percent per year. We now have the virtual office, and the information follows the employee around, so it is vulnerable at rest and in motion, and we have to be able to proactively manage and protect this vital asset. The new legislation on protection of private information coming into force in Russia on 1 January 2010 will require both public and private sector organizations to comply rigidly with the rules on how this information is secured.

Every year Symantec issues an Internet Security Threat Report which provides a view of malicious activity detected by our Global Intelligence Network. More than 240,000 sensors in over 200 countries monitor attack activity on the Internet. Our latest report issued in April 2009 showed that we blocked more than 245 million attempted malicious code attacks worldwide every month during 2008.

As malicious code attacks continue to grow at a record pace, we’re also seeing that attackers have shifted away from mass distribution of a few threats to micro-distribution of millions of distinct threats. Cybercriminals are profiting from creating and distributing customized threats that steal confidential information, particularly bank account credentials and credit card data.

Web surfing remained the primary source of new infections in 2008, and this trend is continuing into 2009. Attackers are relying more and more on customized malicious code toolkits to develop and distribute their threats. Threats with a keystroke-logging capability—which can be used to steal information such as online bank account credentials—made up 76 percent of threats to confidential information, up from 72 percent in 2007. Organizations in Russia have a much larger volume of personal information when compared to their counterparts in the rest of the world, which places even more importance on the management and protection of this vital asset.

This kind of information can be alarming, but businesses should not panic. It’s important that businesses and users of the Internet understand the seriousness of the threat, but at the same time it is possible to protect information effectively.

The most important factor to bear in mind is that attacks are becoming more sophisticated and merely installing anti-virus software is not enough to protect a system.

Malicious code these days consists of several components, all of which attack a computer, sometimes simultaneously. A user can unwittingly download a Trojan by clicking on an automatically generated spam message; the Trojan can then install code that disables a computer’s security reporting function, and sends out instructions for other functions to be executed, such as gathering user IDs and passwords, and so the process continues. With this type of threat, anti-virus software alone would not protect a computer.

Companies must install software with multi-tier protection, including firewall, network access control, anti-virus, anti-spyware, host and network intrusion prevention, application (software) control and device control.

The unfortunate reality is that innocent web users can visit a compromised web site and unknowingly place their personal and financial information at risk. Similarly, plugging in an infected USB device can devastate an entire network. Computer users have to be extra vigilant about their security practices, and they need to carefully investigate the technology available to ensure their systems are protected at all levels.