Can you spot a fake?
The developing threat landscape is a call to arms for the channel, says Pat Dunne
Pat Dunne: Th channel can provide real value during these recessionary times
It seems to be getting harder to tell the difference between legitimate and reputable websites or emails, and those that are fake or infected with malware. Yet identifying and protecting from these growing threats is exactly why customers look to the channel for advice.
So what can you tell them?
If you see security as a business enabler rather than a blocking tool, the picture changes. In tough times, your customers need to use business tools such as web and email more. It’s an economical way for them to reach their customers.
According to our Websense Security Labs bi-annual research report for Q3-Q4 2008 and ‘In the mail’ April 2009:
• The number of malicious websites has increased from January 2008 to January 2009 by 46 per cent.
• Seventy per cent of the top 100 websites either host malicious content or contain a masked redirect to malicious sites.
• Seventy-five per cent of websites classified as malicious are actually sites with good reputations that have been compromised by attackers.
• Spam makes up 87.2 per cent of all email and 83.5 per cent of that spam has an embedded URL.
This year we have seen malicious code hiding behind the official websites of embassies and the UK Home Office. Facebook has suffered from privacy flaws and phishing attacks.
Waledac introduced a new spy-themed campaign that was not detected by many major antivirus products.
If you look at a typical ‘mash-up’ site, you can see how easily malware can be concealed.
The channel can position itself as a source of expert advice. The need for security is as great, if not greater than ever before. However, we cannot sit and wait for the money to roll in.
We should use any opportunity we can to educate the customer so they can make an informed decision. At a recent series of end user roadshows, I was surprised by the number of people I spoke with who did not realise what Web 2.0 sites actually were, or that the top 100 most popular sites hide the majority of malware.
These are people responsible for maintaining and ensuring IT security. If this is the case then how can their employees be expected to recognise hidden dangers?
There is a clear opportunity for partners to play an educational role here.
Behavioural solutions can obviously only go so far. A solution that automatically analyses and secures web traffic in real time, enabling safe use of the latest Web 2.0 sites and tools, is essential.
Legacy solutions may fall short, but new powerful security products are widely available that instantly categorise new sites and dynamic content, proactively discover security risks, and block dangerous malware.
By offering awareness, consulting, and the potential to drive down costs with managed services or hosted solutions, the channel can provide real value during these recessionary times.
Customers want to keep their businesses competitive and to embrace the internet safely. They are also looking for someone to step in and take the guess-work out of spotting fakes. Let that person be you.
Pat Dunne is senior director at Websense