Tuesday, June 14th, 2011 - OVUM
OVUM COMMENT: Graham Titterington, Principal Analyst

There is no magic bullet to prevent a cyber attack. Most information theft attacks are launched through an internet-facing application in the corporate gateway, attacking vulnerabilities in applications using relatively predictable strategies such as SQL injection or scripting attacks. So improving the coding standards of applications is a major step; alternatively, applications can be protected by screening them with an application-layer firewall. (Application security is made more difficult where outsourced development or management is involved.)

Access control to systems is another area where controls are frequently circumvented, as attackers steal the credentials of legitimate users through a number of types of attack. Spyware is often inserted into the target organization well before the main attack takes place to acquire this information. Social engineering attacks work against most organisations.

Monitoring data movements, data encryption, and data loss prevention systems can also reduce the loss of information directly from electronic systems, particularly with regard to high-volume theft. In this case it appears to have flagged the data breach, but not soon enough to prevent the damage being done.
However, the technologies themselves are not universal panaceas, even when the vulnerabilities have been dealt with. Data loss prevention is cumbersome and can obstruct legitimate business if it is not perfectly tuned. Encryption is only as good as key management and brings the risk of losing all access to your data if you lose the key. People are people and have innate vulnerabilities with respect to trusting the wrong people, accepting inducements, or simply having more pressing concerns at the time they are approached.

Contact Profile

OVUM


Ovum provides clients with independent and objective analysis that enables them to make better business and technology decisions. Our research draws upon over 400,000 interviews a year with business and technology, telecoms and sourcing decision-makers, giving Ovum and our clients unparalleled insight not only into business requirements but also the technology that organisations must support. Ovum is part of the Informa Group.
Tanisha Kaul
P: +613 9601 6723
W: www.ovum.com
