Combating Internet Threats to Growth

Transcription

1 WHITE PAPER: IT SECURITY SOLUTIONS Combating Internet Threats to Growth Who should read this paper IT Decision Makers, IT Managers. Network Administrators

2

3 WHITE PAPER: IT SECURITY SOLUTIONS Combating Internet Threats to Growth Contents Introduction: Growing Challenges Into the IT Minefield Pressures: How Business Drivers Create IT Challenges Dangers: How IT Challenges Become Internet Threats Solutions: How Internet Threats Can Be Eliminated

4 Introduction: Growing Challenges In July, Singapore s Deputy Prime Minister pinpointed cyber-crime as a key priority for Association of South East Asian Nations (ASEAN) countries to tackle. [1] This was hardly surprising, given the damage that a whole range of internet threats are doing not just to public sector organisations but also to private businesses. And it s an issue that s particularly relevant to manufacturing industry right across Asia especially in the tiger economies in the current commercial climate. Manufacturing industry is making a critical contribution to Asia s developing prosperity. In Singapore, for instance, it accounts for nearly 28% of national GDP, with a 30% surge in the sector s output underpinning the 15% overall growth achieved in [2] Even in Hong Kong, the world s most services-orientated economy, around 130,000 people are employed in manufacturing. [3] Yet the sector s exports focus inevitably exposes it to global economic storm winds contributing to a slowing in manufacturing growth across Asia. [4] Moreover, meeting this challenge presents a real paradox: Thinking innovatively, embracing new business trends and finding more effective ways of operating are now more essential than ever in terms of securing sustainable commercial success. All three can, however, ramp up exposure to a daunting array of profit-puncturing internet threats, potentially resulting in everything from serious data leakage to heavy legal fines/costs. Specifically, prospering in today s world of global customer bases, farther flung supply chains and more flexible working patterns means assigning a pivotal role to internet communications. [5] But this piles the pressure on IT Departments to de-risk this critical reliance on the internet especially with Asia s high level of connectedness and growing affluence making it a prime target for cyber-crime. Yet businesses that successfully reduce their vulnerability to internet threats, whether posed by cyber-criminals or their own staff and stakeholders, will have taken an important step towards maximising growth. This White Paper shows how today s commercial environment exposes Asia s manufacturing companies to an internet threat landscape of unprecedented severity. But it explains, too, how the dangers can be blunted by adopting a solution that really does rise to the challenge. Into the IT Minefield Communications, transactions, operations the internet revolution has transformed them all. But it s also created a minefield to negotiate: 2011: It s reported that companies in Singapore, Hong Kong, Indonesia, Taiwan, South Korea and Japan have been targeted by a cyber-criminal operation seeking to steal confidential corporate data. [1] 2011: In the first half of the year, 181 hacking attacks on smartphones are reported to the Hong Kong Computing Emergency Response Team Co-ordination Centre, up 15% compared with the first half of [2] 2010: Cyber-bullying escalates in Hong Kong, [3] potentially creating legal liabilities for any business where an employee suffers at a colleague s hands. 2010: 30% of small and medium businesses (SMBs) in Singapore experience an increase in cyber attacks. [4] 2009: Two-thirds of all Singapore businesses suffer cyber-attacks, while in Hong Kong cyber-crime cases soar. [5] 1

5 These examples give a flavour of the vulnerabilities that can arise from internet use. Indeed, the average cost of cyber attacks on SMBs in the Asia Pacific Japan region is estimated to exceed US$150,000, [6] while failing to protect employees from e-based harassment can be equally punitive a recent case in Australia saw one company hit with a damages bill of nearly AUS$0.5M. For a CIO or IT Manager, though, developing a clear picture of how these vulnerabilities are actually generated by specific business pressures and processes will provide a platform of understanding that enables effective protection to be put in place. Pressures: How Business Drivers Create IT Challenges The table on next page focuses on five fundamental characteristics of the business environment that manufacturing companies in Asia now operate in and how they translate directly into IT challenges. Driver/Issue Associated Needs/Trends Resulting IT Challenges Continuously boost competitiveness and profitability Safeguard intellectual property and derive maximum value from it. Increase efficiency and productivity. Cut costs and meet capital constraints. Protect digital information assets. Reduce distractions/drains on employee time (e.g. ensure IT systems are easy to use). Invest in capex-light systems with predictable costs. Globalisation Wider geographical spread of customers. More complex, farther flung supply chains. Increase in takeovers, mergers and acquisitions. Increase reliability of internet communications (to liaise with customers and suppliers). Protect digital information assets (e.g. ensure data is secure/ clean when sent to/from countries with different jurisdictions, data security cultures etc.). Ensure digital information assets readily accessible in case of contractual disputes with customers/suppliers. Integrate IT systems and user policies/cultures following takeovers etc. (especially across multiple sites). Compliance/ increased regulation Increased regulatory risks/obligations. Potential for fines and reputation damage if key evidence unavailable for court actions, audits etc. Safeguard digital information from loss, alteration or destruction. Ensure digital information readily available for rapid, on-demand e-discovery. Safeguard and improve skills base Increased competition in attracting staff. Need to maintain employee morale to help retain talented staff Educate/train new staff on IT Best Practice and Appropriate /Web Use Policies. Ensure digital information (e.g. historic s) readily accessible for swift resolution of staff disputes. Contribute to appealing working environment by deterring IT misuse for bullying, sexual harassment etc. 2

6 Changing working patterns Increased remote/mobile working. Associated reliance on mobile devices (e.g. Smartphone ownership in Hong Kong is booming). [1] Manage/control wide range of mobile devices used in range of working contexts and environments. Blurring of work/home division when employees access and use IT resources. Dangers: How IT Challenges Become Internet Threats As the following table demonstrates, the IT challenges summarised above are inextricably linked with a range of internet threats that can undermine any company financially, operationally and reputationally: Key IT Challenges Associated Internet-related Threats/Dangers Protect digital information assets Targeted attacks duping carefully selected victims into downloading malware that finds confidential commercial information and secretly leaks it to malware s controller. Leakage of client and proprietary data due to malware attack could lead to loss of reputation and competitiveness, and court actions leading to large fines. Lack of secure archive for creates scope for data loss, theft etc., undermining compliance and competitiveness. Ensure digital information readily available Failure to meet e-discovery obligations (e.g. specific can t be produced to satisfy court request) exposes company to possibility of multi-thousand-dollar fines. Long searches for historic could rack up legal costs. Educate staff on IT Best Practice/ Appropriate Use Policies etc Data-stealing or network-freezing malware downloaded when employee clicks on link to infected website, opens infected attachment, responds to fake anti-virus alerts/security updates etc. Employees duped by targeted attacks (see above). Employees contravene policies by sending inappropriate s or accessing inappropriate websites, leading to sexual harassment claims etc. Data-stealing or network-freezing malware downloaded due to careless social networking. Manage/control wide range of mobile devices Malware infection due to less rigorous security measures/practices often applied to mobile devices (one Fortune 15 company estimates that 5% of its mobile devices are infected). [1] Some computer worms are specifically designed to spread via USB storage devices and insecure network connections. Reduce distractions/ drains on employee time Inadequate archiving systems make it time-consuming to store, search and retrieve messages. Spam clogs inboxes and takes time to delete. Inappropriate use of /web erodes productivity. 3

7 Integrate IT systems and user policies/ cultures Time-hungry management/maintenance of different storage solutions used in different parts of organisation, unless integration effected. Solutions: How Internet Threats Can Be Eliminated A brief survey of threat statistics reveals the scale of the internet-related dangers now facing Asia s manufacturing sector: [1] Targeted attacks across industry worldwide saw a 60% increase between 2009 and 2010; since 2008, manufacturing has been the target of more such attacks than any other industrial sector. Every day, nearly 7,000 additional websites are identified as harbouring malware. Over 75% of heading for Hong Kong and Singapore is spam. Globally, manufacturing is one of the top five spam targets. Blunting this battery of threats is a business essential. It equates to eradicating serious risks that, as this paper shows, are heightened when companies strive to increase competitiveness, build or extend their penetration of global markets and adopt more flexible working practices. It can, therefore, contribute directly to achieving top-line business targets. Symantec.cloud s suite of hosted services, harnessing Skeptic heuristics malware detection technology and operating on a capex-saving pay as you go basis, are equal to the challenge. For instance: Internet Threats Required Protection Symantec.cloud Solution Key Benefits Symantec.cloud Enterprise Vault: Loss of/corruption of/ inability to locate historical Secure, hassle-free archiving Easy search & retrieval facility Single tamper-free archive for your company. Unlimited storage/retention. World-class search, retrieval and legal discovery. Enhanced data security. Increased productivity. Improved compliance. Financial predictability. Easy-to-use legal hold. Defence against Symantec.cloud Web Security: Careless/ inappropriate web use malware-infected websites URL filtering to prevent policy violations and access to inappropriate Ensures all web content free from malware before delivery. Enforces usage policy, even outside corporate network. Includes usage time/volume limits. Enhanced data security. Increased productivity. Improved compliance. Financial predictability. sites Remote-user support option. Vulnerability of mobile devices (esp. where Defence against malware carried by /im/ websites Symantec.cloud Endpoint Protection: Always-on protection. Host intrusion detection. Enhanced data security. Increased productivity. 4

8 multiple users share single endpoint) Defence against data interception Warnings of dangerous websites. Ensures compliance with company usage policies. Improved compliance. Financial predictability. 5

9

10 About Symantec Symantec.cloud, division of Symantec Corporation, offers customers the ability to work more productively in connected world. More than 31,000 organizations ranging from small businesses to the Fortune 500 across 100countries use Symantec.cloud to administer, monitor, and protect their information resources more effectively. Organisations can choose from 14 per-integrated applications to help secure and manage their business even as new technologies and devices are introduced and traditional boundaries of the workplace disappear. Services are delivered on a highly scalable, reliable and energy-efficient global infrastructure built on fourteen datacenters around the globe. SINGAPORE 6 Temasek Boulevard #11-01 Suntec Tower 4 Singapore Main: Fax: Support: Copyright 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 8/2011