Half of data breaches happens in-house, security firm warns

Saturday, August 20, 2011

FROM just destroying systems for fame and fun, hackers these days have shifted to money-making ventures.

And while many think anti-virus programs are meant to keep hackers from causing damage to a computer system, officials of a technology firm specializing in security protection said the threat these days is much worse.

Have something to report? Tell us in text, photos or videos.

Symantec Corp. Philippines manager Luichi Robles explained that hacking has evolved from just a fun activity like defacing websites to a money-making venture.

And very recently, Robles said hackers have also evolved from cybercrime to espionage, stealing valuable information from big companies or governments. Hackers, he said, now engage in cyberwarfare by stealing information and using it against institutions to get what they want.

What used to be just harmful to a computer system can actually cause harm to the physical world. He said hackers steal one’s identity and get hold of credit card and banking information.

“This is more lucrative now than the illegal drug trade,” Robles explained.

He noted that hackers can also extort from their victims by planting malware and offering to remove it for a fee.

Robles also warned that small businesses can also fall prey to these scams, as they are easy targets due to their lack of expertise in information technology and lack of IT staff.

“They could be held hostage and give in to these demands because any disruption means loss of revenue,” he said.

For big enterprises, hackers can still break through sophisticated security programs by targeting one person in a company without his knowledge, to illegally extract valuable information.

He pointed out that 50 to 60 percent of data breaches are from within companies, some from well-meaning employees who transfer their files so they can work on the weekend.

However, he said the biggest threat is still from malicious insiders, who intentionally cause damage to disrupt office systems, affecting productivity.

Robles also warned that governments are not safe from hackers and could also become targets if their systems are not protected.

He said public services could be affected if hackers, as a sign of protest, disrupt systems as a way of sabotage or as a distraction to steal information.

While he said there are many types of malware, there are at least four that cause a lot of damage without a user knowing it.

The Rustock virus, he said, is responsible for 50 percent of spam mail, which include advertisements of cheap medicines. He explained that a company’s server could be brought down this way.

The Zeus virus steals information, focusing on banking information. Another type of malware is the rogue anti-virus, which suddenly pops up when a computer is in use, informing the user that the machine has been infected and to remove it, one should click on a button and pay a certain amount.

He warned that this could be a trick and that the machine is probably not infected.

He identified the Stuxnet as the most sophisticated of the bunch, which is mainly targets a computer that handles controls of big facilities and can cause disruption of major services like power.

These viruses spread in simple ways such as in email attachments, even if they come from reliable sources. They can also be triggered while web browsing.

Last year, Robles said 3.05 billion attacks were blocked. And with the popularity of mobile devices, they also identified 163 new mobile vulnerabilities.

Symantec vice president for Asia Pacific and Japan strategic sales Bjorn Engelhardt said many do not realize how dangerous cyber attacks are because it is not spoken about enough, unlike physical crimes.

He said the same caution people employ in the physical world should also be the same level when it comes to securing themselves in the virtual world.

He noted that at the end of 2010, 286 million viruses were identified. They expect that by the end of 2011, there will be 600 million.