Cyber criminals are using the virtualised world of cloud computing to increase security attacks, an industry leader has warned.
Founder and CEO of Australian security company TrustDefender, Ted Egan, told Computerworld Australia security offenders and hackers have become more sophisticated in recent years, using newer technologies such as cloud-based services.
“The biggest issue enterprises have is that bad guys are not using traditional ways of evading security techniques," he said. "They are using sophisticated, virtualised, cloud-based attacks.”
Egan’s insights come despite Queensland Police online crime law enforcement unit detective superintendent, Brian Hay, last month said, cyber criminals were not ‘technically gifted’.
"Bring your own" (BYO) corporate technology, which recent reports suggest remain unpopular with CIOs, increased potential gaps in security and could lead to more attacks, according to Egan.
“Employees are being given devices like mobile phones that aren’t being put on the books of the company,” he said. “You can use it for whatever you want, but how do companies know it’s secure when you’re putting confidential data onto those machines and then feeding back that data into the cloud?"
“The problem with it is, you’re feeding all of that information into your mobile devices and the bad guys don’t need to compromise the enterprise anymore, they just need to compromise your device,” he said. “All the bad guys need to do is compromise one mobile device and your whole system can be compromised.”
While the CIO of the Hong Kong Housing Authority earlier this year said Australian IT managers are hesitant to move to biometrics as a security offering due to priorities taking precedent, Egan said this may be because it isn’t an efficient means of securing a device.
“The bad guys are very smart, all they have to do is compromise the device that biometrics has been used in,” he said. “If the bad guys compromise that information in the first place, it doesn’t matter what you do with biometrics or voice recognition – they can still bypass all of it.”
Egan's insights come as the former CIO of the US National Security Agency, Prescott Winter, warned CIOs needed to become more conscious of their internal security.
McAfee chief executive, David DeWalt, also pointed to Web 2.0 and social media as potential new security threats.