Enterprises slow in reacting to changing criminal threat


Enterprises have been too slow to react to the significant shift in the ways that criminals are attacking them, according to a security researcher.

Michael Sutton, head of cloud security provider Zscaler, told IT PRO at the RSA Conference that the ways in which criminals were hitting businesses had changed.

Five or six years ago, criminals tended to target the server side, breaking in using a technique such as an SQL injection to get data.

Now, Sutton said that criminals were more focused at targeting the computer employee and client side of the IT system, as enterprises had got better at locking down systems and patching immediately.

"Either they are after information on the desktop, maybe a credit card number or password, or they just want to infect that desktop to recruit it into a botnet," he said.

"The botnet is the architecture of attack today," he added.

Sutton believed that businesses were slow in reacting to the changing threat, due to budgetary constraints and a tendency to focus on server side protection.

He said of protecting the client side: "When it comes to the enterprise, there are two things that businesses tend to do. Desktop antivirus and they might do some URL filtering."

"I don't even really consider URL filtering a security measure, but rather a productivity measure. It just makes people not go to sites that you don't approve of," he added.

Sutton believed that URL filtering was no longer effective and that companies couldn't make black and white decisions on what end users would access.

"Take something like Facebook. Most companies are saying that they can't just outright block it, because there are legitimate reasons to use it," he said.

"Maybe your HR department needs to use Facebook because they want to use it as a recruiting tool," he said.