|
In an exclusive interview with R Jai Krishna from CyberMedia News, Mahendra Negi, chief operating officer and chief financial officer of Japanese software giant Trend Micro, Inc. spoke on the new anti-spam software and the company’s prediction of cyber crimes increasing in the coming years. Excerpts:
Trend Micro had said that cyber crimes would increase in the coming years. Could you elaborate?
Our prediction is based on two reasons. The first one is the tremendous growth of the Internet and the number of people (users) is increasing day-by-day. This means that more and more people are vulnerable to attacks. Another is the growth of e-commerce and the growing lifestyle changes. More people log on for transactions, namely such as booking tickets and online banking, which gives them more convenience, and the personal data of these people is also open. Owing to increased bandwidth in many countries, the downloading of media files, cool programs and other data types is becoming very popular. Malicious attackers are increasingly using public networking sites to hide their malware, with unsuspecting users downloading malicious files, often triggering multiple infection routines. This is what the malware writers put together and it gives the opportunity for the rise of cyber crimes, particularly when it comes to money.
The only way is to control the occurrence of cyber crimes by having better policing but we can never prevent it. In fact, the Trend Micro threat research forecasts expansive growth in web threats in 2006. Data gathered and analyzed by TrendLabsSM demonstrates that in 2006, organized crime continued to be key to identity theft, corporate espionage and extortion. Botnets have emerged as a popular tool among attackers looking to carry out targeted attacks. Going into 2007, a further increase in web threats is expected -- those threats that use the Internet to perform malicious and often self-perpetuating activities -- and in particular those threats targeting social networking sites.
Digital threats have increased at an average of around 163 per cent year-on-year. Web-based threats have increased by almost 15 per cent since last December, accounting for almost half-a-million reports this year
Moreover, we see a transition in spam generation in the past few years, and it is much harder to block these Botnets developed by the malware writers. On an average, Trend Micro has identified more than two million different pieces of spam flooding the Internet each month. Bots are also increasing greatly. Trend Micro recorded an average increase of 15 per cent since last December with more than 1,40,000 bots being flagged every month. Online fraud is a growing international business. Since Internet penetration in India leapt 54 per cent in 2005 to 38.5 million users, we are increasingly exposed to this global scourge.
What would be the possible solution to control the increase in cyber crimes?
A three-pronged strategy can be adopted to control cyber crimes. The first one is to create user awareness and make them know how vulnerable and exposed they are, especially in the wake of convergence of technologies and the proliferation of Internet. The second strategy is to create a legislative framework and set a benchmark for the courts to decide what constitutes a cyber crime and how to control or impose punitive action against those who involve in such an act. The third and final one is to deploy an effective technological solution, which many companies treat as top most priority, though it is not so.
Putting together all the three strategy into action becomes all the more important in the wake of new threats and potential threats. We strongly suggest that companies should have a security policy of their own, as technology only plays a small role in the overall security scenario. The IT manager in the company should only deploy the policy. Indian enterprises are indeed becoming increasingly aware of the need for a better-defined security environment, though a recent KPMG study reveals a shocking fact that more than 70 per cent of Indian corporates still do not have even have a formal security policy yet.
In fact, laptops are far more a security threat for corporates as reports indicate that 80 per cent of servers are affected by machines that are plugged in after being outside the network over a period of time. It is becoming more and more important for the companies to have a comprehensive security policy, incorporating use of laptops, as threat by laptops is increasing at an incremental rate of 10 to 15 per cent in the past few years.
What has been Trend Micro’s strategy in this context?
At Trend Micro, we see that the nature of threats has changed over the couple of years. It is now driven by commercial motives. There are also these sophisticated people, who indulge in writing malware, whom we call as silent killers. Computer crime has evolved into organized crime; it is no longer the game of individual attackers. With money as their main driver, our research has tracked how attacks have moved from being fast and large scale to being cleverly crafted to attack very specific groups under the radar. Malware creators have an ever increasing and technologically sophisticated tool set at their disposal, consisted of bots and Botnets, rootkits, social engineering, spyware and adware. They are motivated more than ever by financial gain and are creating underground economies specifically for creating malware, crimeware and spyware/adware. Many come from Eastern Europe and Asia. Rather than create malware that deletes files and decimates PCs, they are creating malware that surreptitiously resides on PCs waiting to be called into action by a botmaster or the right moment to steal personal information, They continue to create malware that is more likely to evade detection, like image spam—spam e-mails containing images rather than text.
There is also a false sense of complacency and the problem is getting bigger. All these have to be addressed to by the industry, government and as an individual. The media also has a great role to play in bringing about a change in this context.
On the other hand, everyone has been talking about software industry consolidation, even as the current problem is not solved. Consolidation will drive industry’s concentration away from protection to integration. The industry is talking in terms of moving forward from just reducing cost to adding value. The trend is now changing and things are different now. We think it would be fine if the industry consolidation brings in solutions to many of the problems. Then we could go for it, otherwise if it does not address the core issue and only aims at improving efficiency but not solving the problems, then the consolidation would not make any sense. Industry should try to be more focused in resolving the current problems and it is premature to talk of consolidation. For example, storage companies may continue to acquire security companies but consolidation may create monopolies, which may hurt clients. Security is a very critical issue. One cannot be 80 per cent secure in protection and divert focus to storage.
Regarding new products in the market, we are working on anti-spam software, which would block 70 per cent of the spam and save on the server and bandwidth resources. We are putting together the rule-based and reputation-base technologies together and it would be platform independent. The new product to be rolled out in mid-2007 will be the first step from Trend Micro to solve the problem.
© CyberMedia News
|
