Banking on IT to protect customer data

Taking precautions

Wieland Alge, Vice President and General Manager EMEA at Barracuda Networks, speaks on fighting virtual shadows to protect customer data from malicious intent in the wake of the recent Barclays data breach.

TechRadar Pro: What did you make of Barclays bank recently having thousands of customer details stolen and sold?

Wieland Alge: The plight of Barclays Bank, following the theft of thousands of confidential customer files, has once again thrust the issue of how organisations protect confidential data high up the business and consumer agenda.

Accountable heads are lifting from the global sands of ignorance as theoretical threats become real-life scenarios that must be dealt with or expose data vulnerabilities which could see the downfall of even the most powerful brands.

TRP: In your experience, what are the expected repercussions from such a high profile breach?

WA: This confidential data belongs to the customer, not the enterprise. Customers very quickly turn away from brands that are shown not to be worthy of being trusted with confidential personal data. Ask yourself, how many chances would you give a bank that hands over your details to criminals with malicious intent?

TRP: How do you keep one step ahead of the criminal minds?

WA: Good question. So how does an enterprise IT department keep ahead of criminal masterminds?

Besides protecting against system failure, comprehensive data strategies must protect against a new generation of attackers that are improving their exploitation tactics greatly.

With tactics ranging from pop-up adverts and spyware to capture web browsing habits to the insertion of Trojans or use of cleverly crafted queries designed to steal passwords and log-in information, there is malicious intent lurking in every virtual shadow.

To protect against these attacks, organisations must take into account the three core areas hackers can compromise online:

• Malicious People – the potentially dangerous people with whom users interact
The Barclays security breach highlights the vulnerability posed by people, with the now infamous delivery to a national newspaper of a memory stick containing personal details of 2,000 customers.

• Malicious Places – the potentially dangerous destinations or URLs where users visit
The number of phishing campaigns worldwide increased by more than 20 percent in the third quarter of 2013, with crimeware (malware designed specifically to automate cybercrime attacks) evolving and proliferating, according to the Anti-Phishing Working Group (APWG).

• Malicious Things – the potentially dangerous objects/applications with which the user interacts

TRP: And is this not already happening? Surely there have been enough high profile hacks in the last six months to put this right at the top of IT agendas?

WA: Every day, more than 100,000 websites are running with the singular goal of spreading crimeware which can cripple the effectiveness of information security efforts. There is a gaping hole in today's approach to security, and organisations are not doing enough to keep data safe.

The hackers have taken notice and shifted their attack mechanisms to bypass traditional security measures, and the security industry as a whole must do the same. More than ever, security needs to be intelligent, scalable, and always available wherever end users happen to be.

TRP: Is it only big businesses that can protect themselves against malicious activity?

WA: Not at all. SMEs are exposed to exactly the same IT threats as large companies, but where international corporations employ large teams dedicated to IT security, an SME must do what it can with much smaller budgets.

Security has become a great deal cheaper over the past few years and professional solutions are affordable for smaller businesses. Technology, therefore, is not the answer; staff training is.

Larger businesses have the financial ability to send team members for official training more easily than SMEs, so smaller businesses should also ensure that their teams are well educated internally on how they can keep their company's data safe.