Top five web security issues

Cyber criminals have always posed a threat. But today, the danger is greater than ever. As companies rely increasingly on the Internet for communications, data and transactions, so the criminals are being tempted by bigger prizes. The game of cat-and-mouse has stepped up a notch and criminals have changed strategy.

Rather than majoring on sending emails with viruses attached, they've found subtler ways to attract victims to come to them via the web. It's the perfect cyber crime and system admins are struggling to keep up.

So let's take a look at five common methods of attack.

First, there's phishing - where an email pretends to be from a legitimate source, like a bank. Recipients log in, but their details are harvested, funds stolen or identities misused. This is an older scan that's become far slicker, more genuine-looking and harder to detect.

At number four, we have poisoned websites. Here, malware creators play on fear and curiosity. A legitimate site, or a fake one, may point to a juicy news story or video. But the destination infects the PC. Or it may issue a fake virus alert and then compel visitors to buy malware that's masquerading as the remedy.

Popular browsers are targeted too, and any security flaws exploited. Criminals gain access to sensitive emails and documents, or shadow a user's browsing activity.

The important plug-ins needed by browsers can sometimes leave the door open too. People forget the download security updates for add-ons like Flash Player or Acrobat.

Top of our list are social networking sites. Often used in the workplace, these can be misused to spread Trojans, Worms and Malware. Employees click on links, download files and put the corporate network at risk. Short URLs can mask dangerous destinations.

Any security breach can prove devastating. Malware and viruses slow down machines and damage productivity. Admins waste hours trying to identify and fix problems. Denial-of-service attacks can halt a company in it's tracks, impacting customers and losing business. Funds can be stolen from bank accounts. Sensitive data and intellectual assets can be stripped online and sold.

So how should companies respond? Well, there's no silver bullet. A holistic approach is needed to cover all bases. First, an acceptable use policy can educate users, What sites can be browsed? What Internet services can be used? Which site should be banned? How much time should be spent on certain kinds of sites? For example Social Networks or Video Sharing. An acceptable use policy is a good start. But it needs to be enforced and combined with good technology. Anti-spam and anti-phishing software reduces risks from emails. Bandwidth monitoring can alert you to a compromised machine. Content filtering can protect browsers and block executable files. An antivirus solution with multiple engines can intercept dangerous content. And monitoring and auditing can ensure that any incidents are handled correctly and one can easily determine who is doing what.

In summary, web-based threats are growing, while shifting in shape and complexity. But a combination of smart policies and solutions will minimize risk and maximize peace of mind.