Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 17th, 2012 in Current News by Simply Security | 1 Comment | Tags: Current News

There's no doubt that online attacks are a major problem for private individuals and large corporations alike.

There's no doubt that online attacks are a major problem for private individuals and large corporations alike. The intensity of some attacks, the volume of information they yield up to hackers and the consistency with which they seem to be making headway could be blown out of proportion though. While it makes sense to be aware of threats, knowing the actual scale of the danger can help businesses and individuals more sensibly target the correct level of data security they should be pursuing.

Putting a data protection plan into a tailspin is easy when the people in charge of it don't actually know what they're up against. Using the wrong kind of data protection strategy or getting conflicting software could provide a false sense of security wherein IT is no longer monitoring the issue. A plethora of problems crop up when misinformation rules the cybersecurity communication lines.

Overblown issues

Imagine if a major player in the data security game released a report stating that current trends in online attacks were showing huge deficits for businesses of all sizes. No corporation was too small to go unnoticed by the crosshairs of hackers, who seemed to dodge firewalls and other security measures to steal mass amounts of sensitive, damaging data. As a whole, this would reflect that businesses at all levels were being negligent with information protection, leading more people to invest in greater amounts of security rather than review the systems they already have.

One online source already did that, according to Forbes, and the fallout for them could be huge. In terms of future analysis for that business, and those who follow the same path, it's likely that data analysts will take a dubious approach to future reports from that source.

The questioning began after a report stated that the current cost of online loss was upward of $1 trillion annually, due to poor data protection standards. Pro Publica stepped in and did some research of its own, asserting that groups noted in the whitepaper, like U.S. Cyber Command and Vanson Bourne, took no claim in that figure, saying it was added after their research was completed.

Over-hyping major threats

Some viruses are known for their virility, but not every big bug is going to shut down the Internet, as some reports would like consumers to think. Trend Micro pointed out in a blog in July that sources will sometimes jump the gun or blow a story out of proportion to add pressure to data security decisions. Urgency isn't always the best strategy for disaster recovery, and, as Trend Micro pointed out, stories about some viruses, like the iOS bug, only serve to hyper-excite technology owners into action, regardless of what kind that might be.

Conficker, for instance, is still a big threat to PC users, but that virus has been around for quite some time and isn't about to suddenly overhaul its attack strategy. Back in May, the Internet was up in arms over a bug called Flame that specialists thought would shut down governments and bring the world to its knees, as the Daily Mail wrote. While the malware did a number on Iranian computer systems, it was also dealing with a mainframe that wasn't properly outfitted for Internet security protocols the way even some homebrew computers are in the United States.

Dangers still loom

That's not to say that hackers aren't still patrolling the Internet looking for weak passwords or systems to exploit, that viruses have ceased to be or that the need for diverse levels of data security is no more. Vigilance is the tone that should be stressed, however, instead of panic.

The federal government may not have been brought down by Flame, for instance, but hackers are still finding ways to infiltrate their systems. A report from the Government Accountability Office, published by Federal Times, highlighted a recent theft of thousands of employees' personal data from the Federal Retirement Thrift Investment Board's online database. Failure to properly encrypt and secure this information has jeopardized the security of its workers as well as its reputation.

CSO Online reported a similar attack on the Environmental Protection Agency, both incidents falling within months of each other. While the two are not linked, according to the source, these attacks should show businesses and consumers that necessary data protection precautions are mandatory, but buying firewall and other kinds of software alone won't keep them safe. They must also watch out for threats, update passwords and practice safe usage to ensure the best level of protection.