Just because we breed fewer virus writers or are perhaps a little more honest shouldn’t make us complacent about internet security attacks.
The country lags in attack activity, coming 60th in a global rankings survey done by security software vendor Symantec, with less than 0.1% of all attacks originating in this country. In terms of attacks per internet capita, New Zealand ranks last among the 43 countries with more than a million internet users.
But New Zealand IT leaders shouldn’t believe New Zealand’s physical isolation gives us any protection from being attacked, says Symantec president John Schwarz. “They need to consider the threat on a global scale,” he says.
The Canadian says the number of viruses and other threats is increasing and antivirus software just isn’t sufficient anymore. Symantec’s annual Security Threat Report says the number of “blended” — that is, multipronged — threats doubled last year and there was an 81.5% increase in computer vulnerabilities during 2002. Overall, some 450 new viruses and 250 new vulnerabilities are discovered globally each month.
While several large local ISPs are responding to this by offering virus filtering as part of their service, Schwarz says this is not hitting Symantec’s sales, as the company supplies services to many ISPs, including Xtra.
Schwarz also says relying on ISPs to counter viruses leaves users at risk because blended threats don’t necessarily travel by email, but can enter systems through file sharing, P2P or visiting an infected website.
“Every device on the network has to be responsible for its own security. In order to protect against blended threats, you need multilayered protection,” he says.
This includes using AV software, firewalls, intrusion detection, content filters and virtual private networks, especially if wireless devices are used.
But just as important, is how systems are managed, which is why organisations are increasingly turning to companies who can monitor a company’s web traffic and systems and look for anything unusual.
Most threats to organisations are still internal, such as from disgruntled employees or IT staffers, but online fraud is increasing, particularly with credit card details being stolen, Schwarz says.