What kind of developments are you noticing in the threat landscape?
We see enterprises around the world facing different types of attacks or different types of malware. The motives for attacks today are primarily about financial gain – trying to steal money from organisations or individuals.
Secondly we see espionage. It could be state driven but often it’s industrial. The third motive that is quite new is hacktivism. It’s not for financial gain, but to make a specific statement – a virtual group of individuals on the Internet trying to make a specific point against an organisation. It could be a religious organisation, governments or any enterprise that gets targeted.
Most organisations, from small to large, will one way or another be vulnerable to these type of attacks. Every individual or organisation has private information they don’t want to disclose.
It’s unclear what the next big motive for hacking will be. It could be because someone belongs to a specific state or because they have specific ideals but, when we look at today’s malware threats, one way or another we’re all vulnerable.
And there are so many different vectors of attack. We’re using so many different types of computers, smartphones and tablets. A lot of organisations are using the cloud these days and that’s another way companies can be attacked, so we’re much more vulnerable than we were in the past.
Content from our partners
The malware is also very dynamic now. We’re not just facing one type of virus so we can’t rely on just one type of protection. There’s a market for creating attacks. If I want to attack you I can buy a specific attack on the black market and I can create my own variant of the attack.
Malware is changing all the time and there are about 100,000 new variants of malware created every day. With the click of a button I can create my own attack against a specific person.
A lot of companies are now using sandboxing technology. What is this and how can it help to deal with these threats?
Checkpoint provides multiple layers to protect people against attacks. The reason multiple layers are needed is that there’s no silver bullet. I can’t give organisations one simple solution that can be used to fully protect people. You have to have multiple layers that compliment each other and protect themselves. Altogether, they provide very good protection.
Sandboxing compliments these layers against what we call ‘the unknown’. The bad guys create new attacks every day – zero day attacks that nobody has heard of before. No anti-virus software will have detected these specific strains of attacks. It’s all about protecting people and companies from these new, undiscovered types of malware. Once they’re discovered the standard anti-virus technologies will take control and they’ll protect you.
The problem is the gap in time between you being attacked with a new type of malware and the anti-virus software being able to protect you from it. With sandboxing technology, we look at the files that have been downloaded through the web or an email attachment. We take the files, open them in the closed, sterile environment of sandbox, and we examine its behaviour when it’s opened in a closed environment. So, before an end user gets infected, the sandboxing technology automatically examines a file in a lab-type environment. If there is abnormal behaviour then we’re quite certain it’s malware.
How should sandboxing fit in with a company’s threat defence?
It should compliment traditional protection methods, rather than replacing them. There are lots of technologies that can help protect you so make use of them but sandboxing is an important layer now.
We have more and more customers who are buying and evaluating our solutions all the time and we’ve been detecting about two or three unique new attacks that we’ve detected through our cloud services per week so it’s a very effective solution.
How important is it for companies to share information about attacks?
The entire IT industry is realising the value of collaboration has created a huge contribution to the entire technology industry, not just on the security side. Wikipedia, for example, is a dictionary of information that was created by the masses, millions of contributors around the world, and it’s created a very valuable source of information. People have shared information to create that.
As for security, there was a story in the new recently about a large food manufacturing company that suffered from attacks and wasn’t sharing information about it with other companies. This happens with a lot of companies. They don’t share the information and struggle to deal with an attack on its own when it happens to them. With this particular company, because information in that sector was not being shared, it took them about five years to even realise they were under attack.
Some companies are more concerned about their reputations but sometimes they’re just not aware that if they share information about an attack other companies might actually be able to help them. It’s very important to share information. The collaborative information about attacks and how to deal with them is very valuable.
What kind of threats we can expect in the next year?
I don’t think anything dramatic will change in this area anytime soon. The motives won’t change much but we will likely see the number of attacks increase. Social engineering has been a key element in threats for the past 20 years. It’s nothing new but the accessibility of threats is increasing, with the likes of Facebook, Twitter etc. It’s easier to access a certain person, find out information about them and analyse habits that they have. So I think we can expect to see social networks become a more pronounced threat vector when it comes to attacking organisations in the future.
