Going Online This December? Beware The Ghost Of Christmas Past

Every year during the holiday season, cyber criminals attempt to steal the confidential financial information from unsuspecting online shoppers. Unfortunately, most Internet users won’t benefit from a visit from the Ghost of Christmas Past to warn them of the dangers of online shopping from yesteryear.

True, if Ebenezer Scrooge were online today, he would probably opt for freeware or forego investing in Web security altogether to save a few schillings. But then again, he’d likely benefit from the wisdom of the Ghost of Christmas Yet To Come, warning him of the dangers of losing his massive fortune online. You can imagine how fast he’d change his tune.

For the rest of us, a visit from the Ghost of Christmas Present would yield startling results. Two-thirds of all known Web malware was discovered in 2008 alone and this year it’s at an all-time high. The first half of 2009 saw a whopping 585 percent increase in phishing scams as cyber criminals attempted to lure online shoppers to fake Web portals to steal their personal and corporate credit cards. A new trend has seen hackers optimise search engine results to trick users into downloading malware unknowingly. Considering that more than half of all employees do online shopping on their work PC and most use a search engine to surf the Web, this becomes an enterprise security issue. What happens when these mobile employees bring malware back to the office network?

Desktop anti-virus with daily signature updates and firewalls with packet-layer inspection provide protection from some types of network threats. Yet, they don’t provide the full protection needed to guard against dynamic Web attacks using i-frame or SQL injections that infect popular websites or phishing scams that take advantage of user ‘trust’ models. Drive-by-downloads and infection via fake alerts are becoming more common. What’s needed is an additional layer of Web protection.

Enterprises should consider moving to next-generation URL filtering, which combines multi-content categorisation with Web protection. While early URL filtering solutions focused on categorising static websites with one category – sports is sports – today’s dynamic Web requires granular classification. A website today typically hosts three or more types of content, such as news, social networking, and shopping or online-gaming. Next-generation URL filtering would rate facebook.com as social networking but allow the option to block adult content or gambling content without blocking Facebook itself. Today’s Internet users won’t tolerate overblocking, while corporate IT managers don’t want under-blocking either.

What’s more, the average website is made up of a dozen sub-domains and dozens of URL links from alternate servers, which are easily compromised by cyber criminals. The best protection is for the enterprise to have full visibility into all new URL links, with immediate URL analysis and fast ‘download-free’ protection for employees everywhere. Sounds like one of Ebenezer’s out-of-body experiences, you say? Hardly.

Next-generation URL filtering is already being deployed as a hybrid Web gateway solution protecting Enterprises worldwide. Blue Coat’s WebPulse Collaborative Cloud Service provides a first line Web defense driven by real-time online activity of 62M users for maximum Web awareness. It employs over 16 security technologies in a scalable architecture to provide fast Web threat protection with dynamic URL classification that rates over 2 billion URL links per week. WebPulse extends support to the employee laptop via the ProxyClient. So when employees shop online this December on the road or at home, they benefit from real-time protection.

This holiday season don’t wait for a visit from the Ghosts of Christmas to warn you of the threats to your enterprise web security. Make a Christmas list and send it off to finance to include in your 2010 planning. This year’s malware and phishing epidemic makes it unlikely you’ll get a ‘Bah Humbug’ in return.

_Andresen is Director of Solutions Marketing, Asia-Pacific, Blue Coat Systems.
_