Private Mistakes and Public Consequences

Data theft & E-mail threats

Sophisticated e-mail attacks steal sensitive data

Identity theft has become big business – and targeted e-mail threats often pave the way for it. According to one personal finance expert, “Identity theft is now America’s leading consumer complaint … with an estimated 10 million new victims each year. The thefts range from opportunistic one-time events to huge, organized crime rings racking up millions of dollars in fraudulent charges each year.” (http://moneycentral.msn.com/content/Banking/FinancialPrivacy/P48173.asp)

Criminals use coordinated threats

To steal personal data, criminals employ sophisticated methods. Recently, one group employed three Trojan horse programs in a coordinated effort to steal sensitive data. The trojans used a three-step process to infiltrate corporate networks, according to published reports:

• Glieder “seeded” cyberspace by quickly infecting as many computers as possible with a lightweight malware variant.
• Fantibag deactivated existing security on compromised systems. It disabled networking features to prevent computers from communicating with antivirus companies or with Microsoft’s update site.
• Mitglieder transformed compromised machines into “zombies” to further spread the attack. Machines infected with Mitglieder acted as a proxy to force traffic to malicious sites, track user behavior, record keystrokes and set up spam relays.

(“Trojan trio disables Windows, AV updates”, SearchSecurity.com, June 2, 2005)

E-mail threats continue to plague businesses

The problem of coordinated, targeted attacks doesn’t seem to be improving for the future. According to one expert, this influx of trojan attacks could render antivirus systems powerless and leave networks at risk for data theft.
(“Experts warn of growing Trojan threat”, eWeek.com,

Increased IT regulations and legislation

Security failure is devastating

Recent breaches of information security at well-known companies have compelled many firms to re-examine their IT security policies. Not only is a company’s reputation at stake when confronted with emerging breeds of e-mail threats, but it risks stiff financial penalties because of increased federal and state regulation in the sector.

Federal legislation regulates data storage and exchange

Recent legislation to prevent data misuse has affected various industries, including health care, financial services, and professional organizations, among others. Three significant pieces of federal legislation govern data storage and exchange in these industries:

• The Gramm-Leach-Bliley Act regulates the financial services industry.
• The Health Insurance Portability and Accountability Act (HIPAA) governs health care information.
• The Sarbanes-Oxley Act regulates any personal financial information regardless of industry.

In general, these laws require companies to protect personal information – including information stored electronically. Organizations that fail to meet these requirements face fines or other sanctions.

State laws provide rigid consequences for privacy law violators

Although most firms would prefer to resolve security breaches quickly and quietly, recent state legislation has made it impossible to do so. The California Legislature, for example, enacted Senate Bill 1386 in July 2003, making disclosure of information breaches mandatory. In writing the bill, legislators acted in response to a fiasco in which hackers gained access to the sensitive payroll information of 200,000 state employees.

California’s new information privacy law requires that any individual or business must report security breaches resulting in the disclosure of a California resident’s electronic personal information.
The law applies to any business that has customers residing in California regardless of the physical location of the business. The law also authorizes lawsuits against businesses if they fail to report violations in a timely manner.

Massachusetts, Illinois and New York are also considering similar IT legislation, as are the U.S. Senate and House of Representatives.

Solving targeted e-mail threats

Traditional methods alone leave gaps

Because many firms use e-mail as a primary tool for information exchange, it continues to be a major point-of-entry for data-harvesting threats. Unfortunately, no current technology alone protects against these targeted threats. Although signature patterns are good at detecting known threats, they aren’t engineered to quarantine new and unknown viruses, nor can they uncover threats targeted at a specific company or industry.

iSolation Server eliminates targeted e-mail threats

iSolation Server™ from Avinti keeps unknown and rapidly changing e-mail viruses – including targeted threats – from entering corporate e-mail servers. It tests the actual behavior of incoming e-mail and attachments in a virtual machine and identifies viruses for which there is no known pattern or signature. By testing messages in a virtual machine, iSolation Server also eliminates the window of vulnerability between virus outbreak and signature update distribution.

iSolation Server helps companies avoid the costs of data breaches

iSolation Server delivers benefits to IT administrators because it helps them avoid the costs of disclosing embarrassing data breaches – including loss of business, reputation and employee productivity. Because iSolation Server observes the actual behavior of e-mail in a virtual environment, it can protect networks from messages that harvest data, drop keyboard loggers or perform other unauthorized activities.