Amid a proliferation of security threats on the Internet, IT innovators have developed more affordable antivirus and antimalware apps to protect you from online threats
mid a proliferation of security threats on the Internet, IT innovators have developed more affordable antivirus and antimalware apps to protect you from online threats.
Fears about security on the Internet are nothing new. But uncertainties were exacerbated recently after the headline-grabbing heartbleed bug, which affected Internet users from around the world, spurring many to make sense of this global security bug.
Being asked to immediately change passwords when accessing those 'can't-live-without' websites was a huge wake-up call and brought the question of Internet security to the fore.
The heartbleed bug was found on Open SSL security software used by two of the most popular web servers, Nginx and Apache. The bug opens a hole in the security enabling irresponsible parties to steal data from the websites using OpenSSL.
By March 2014, Nginx was used by 20 percent of all websites compared to Apache with 60.6 percent, making the heartbleed bug scare a global phenomenon. Even though it is reported the OpenSSL has now been patched and the problem no longer exists, many individuals and enterprises continue to question the security of their sensitive data.
In Indonesia, the popular Internet forum, kaskus.co.id also reported its website security was compromised. As reported by Kompas Tekno, the founder of Kaskus, Andrew Davis said the Kaskus team immediately responded to the threat and patched the compromised software.
Data breach alert
Verizon in its 2014 DBIR offers four to five recommended controls to strengthen Internal security of an organization for various threats to data security. From installing Data Loss Prevention (DLP) software, disabling Java software and updating browsers to segmenting network for containing incidents and training staff, are just some of the steps corporates can undertake.
In its Internet security threat report this year, Symantec Corporation revealed that cyber attacks on businesses with 250 employees or less.
'Small businesses are the target of 42 percent of all attacks,' the report says. And big companies with more than 2,500 employees accounted for 35.3 percent of breaches.
Raymond Goh, Asian senior regional technical director for Symantec system engineering was quoted as saying by Antara said small businesses tended to be less protected than larger corporations, helped pave the way for cyber criminals wanting to attack big corporations.
'When attackers can access the data of small businesses, which have links to big corporations, automatically a path to those larger corporations is opened,' he said during his recent visit to Jakarta.
Mobile threats
Trend Micro reported the number of malware and high-risk apps on Android devices reached
1.4 million by the end of 2013, but many mobile Internet users still pay no heed to the threats on their mobile devices.
AVAST Software, whose mobile security solutions iares the most used in the world according to 2014 AV-Comparatives survey, concurred with the report from Trend Micro.
'User awareness of mobile malware is dangerously low,' the company's CEO Vincent Steckler said in a press statement. This is despite the findings of close to 1,900 new species of mobile malware in one day.
'People use their phones and devices for banking, shopping and checking email. Malware on mobile devices is dramatically increasing, and people need to protect themselves just as they do on their PCs,' Steckler added.
Preventive measures
Free antivirus and antimalware apps on Google Store are actually a sufficient protection for the device, many of them offering business-level protection without users having to pay.
AVG is one example of big antivirus software offering free mobile version that includes device locator and SIM-lock features, as well as remote data erase and remove device lock and other nifty features.
Mobile Security and Antivirus from Trend Micro has both free and paid versions. The free version offers basic protection, along with a free 50 MB cloud storage to back up data and settings, in case of any malicious attacks. The paid version, preceded by 30-day free trial period, offers an all-round protection including lost-or-stolen device locator incorporating Google Maps and SIM-lock feature, among others.
However, installing the latest antivirus software is not enough for businesses.
As expressed by Sudev Bangah, associate director and head of Operations of IDC Indonesia, a company ideally needs to invest
30 percent of IT capital expenditure for security measures.
'Each company [in Indonesia] sets aside less than 10 percent of its IT budget for security,' Bangah said as quoted by tempo.co.
He added that Indonesian companies had the lowest awareness of cyber security threats in the Asia-Pacific region.
Trend Micro, whose partners include technology big players, like Microsoft, Dell and Cisco, offers a comprehensive portfolio of security solutions for government institutions, small and medium enterprises, and individual customers.
To protect against targeted attacks, Trend Micro said an enterprise needed to establish properly configured IT infrastructure. It is a costly investment but its benefits will outweigh the actual and future costs of a breach.
Segmentation of corporate networks and logging and log analysis are two important steps in helping detect any breach, thus, preparing the response team to take the necessary countermeasures.
Gerry Chng from Ernst & Young said at the Computerworld Security Summit Singapore 2014 that instead of aiming for 100 percent prevention, enterprises should identify their most vulnerable areas and ensure they have a balance of preventive mechanisms and monitoring capabilities to protect those areas.
At the summit, Wana Tun from Sophos NSG, a developer and vendor of security products with focus on providing security to organizations and businesses, offers some tips to help enterprises defend themselves from attacks.
Enterprises need to block inappropriate and malicious sites and control productivity bandwidth. The next step is for enterprises to keep with the attackers' distribution networks ' enforcing a standard minimal set of web applications, and employing advanced threat protection. Last, but not least, enterprises need to back up data continuously to help recover from potential infection. (Gandi Faisal)
Share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.
Thank you for sharing your thoughts. We appreciate your feedback.