Print this article

Comment This

Email this article

With sustained 8% growth per year, India is destined to become the world's second largest economy by 2050, reports Goldman Sachs. That's the good news. The bad news is, as India becomes more of a global powerhouse, it also becomes a more inviting target to cyberthieves, hackers and organized Internet gangs.

The greatest cybercrime problem worldwide is not common hacking or defacements-despite the embarrassment they may bring-but attacks that are economically-based.

The Malware Economy
The spread of malware is driven by the very real prospect of economic gain, and as attackers gain more success, the malware economy becomes self-perpetuating. Spammers, phishers, and other cyber-criminals are becoming wealthier, and therefore have more financial power behind them to create larger engines of destruction. Hacking is no longer the domain of the single, lonely character sitting in his parents' basement-it is big business, often led by wealthy individuals, with multiple employees and large bankrolls of illicit cash. And what's worse is that not only is the frequency and sophistication of the attacks increasing, the amount of damage is increasing as well. A Gartner Group report showed 2006 profits from phishing scams rose over 400%, from $257 per victim to $1,244 per victim.

As the cybercrime industry grows and becomes more organized, it also becomes easier for attackers to execute attacks. It is now possible to buy and sell malware in an underground marketplace. Some of the most successful cybercriminals today are not even the ones who perpetrate attacks directly, but those who provide the infrastructure, by creating illicit botnets, phishing kits, and other attack components and selling them to the others.

Solving the Problem
We tend to think in terms of security silos, with individual solutions targeting specific attack vectors. Unfortunately, this view is inadequate, and there is no single "silver bullet" that can make your network secure. On the contrary, the solution must come from multiple areas, multiple tools, and multiple people throughout the organization. Solving the corporate security dilemma requires a dynamic and multilayered approach which is not contained in a single solution, but rather in the coordinated interaction of multiple solutions.

The first four layers are technological solutions, and include a comprehensive system to protect your email system, a firewall, a content filtering system, and secure remote connectivity. Remote machines, whether they are an individual employee's home laptop, or a client site halfway around the world, pose a great danger simply because one has less control over their configuration-establishing a secure connection through an SSL-VPN can overcome these challenges.

The fifth and sixth layers are not technological, but legislative and behavioral.

Information technology has connected the world to an unprecedented level, and India's unmitigated global success depends on the sustained interconnection of India and the rest of the world in terms of economy, information, and most importantly, technological infrastructure. As India has taken a global leadership position in information technology, it must take the lead in the area of information security. Some early steps have been taken on a national level with the passage of the Information Technology Act, 2000-and continued national leadership, standardization, and security guidance forms one of the many important layers of a successful security environment. The final layer is behavioral, and it involves education. Everyone, from the top down, needs to understand the problem, and be educated about the solution.

Security now surpasses patching up individual vulnerabilities, and goes beyond protecting one's company against nuisance attacks and common viruses. It's about protecting your money. The malware economy has become organized, and fighting it will never be the same again.