Sunday, May 24, 2009

The Insecure Enterprise

With cyber criminals offering ‘fraud as a service’ and malware factories churning out malware designed to steal information, the threat perception for Indian enterprises has escalated to a new level, as organized crime syndicates take over from script kiddies

By Srikanth RP

  • In February 2009, local newspapers reported that the Ministry of External Affairs was examining a security breach on its computer network, after some computers were found to be infected with spyware, which was sending copies of information to an external e-mail address
  • In March 2009, Websense Security Labs discovered that the official website of Rajshri Productions, India, had been compromised and was infecting the machines of site visitors with malicious code
  • In December 2006, Kingfisher Airlines was hit by an online e-ticket fraud that cost the airline Rs 17 crore
  • CERT-In, the Indian Computer Emergency Response Team’s website, reveals that a total of 4,475 Indian websites were defaced in the year 2008
  • In August 2007, the website of one of India’s leading banks, Bank of India, was hacked, and was found to be distributing malware and Trojans to visitors. In the same month, Websense Security Labs discovered that the official site for Syndicate Bank was compromised with a malicious script

What do the above incidents tell us? That even when an enterprise follows the best security mechanisms, all a hacker has to do to breach a network is find a single open door or a minor exploit. KK Mookhey, Principal Consultant, Network Intelligence India, rightly sums this up as asymmetric warfare: “The attacker has to find only one loophole, while the defense has to plug all loopholes.” With multiple threats ranging from zero-day exploits, website vulnerabilities and unpatched software to an ever-growing insider threat, enterprises cannot afford to blink even for a moment.

Clearly, even as the Internet has leveled the playing field for Indian enterprises, it has also exposed their vulnerabilities to global hackers who do not recognize boundaries. For example, the Bank of India hacking incident was traced to an ISP in Russia.