2013 CHECK POINT ANNUAL SECURITY REPORT
        
        
          The Rules of the Game have Changed
        
        
          The rules of the game have changed. Internet applications were once considered to be a pastime activity; a means to see pictures from our friends’ latest trips and to watch funny movies. Internet Web 2.0 applications have now become essential business tools in the modern enterprise. We communicate with colleagues, customers and partners, we share information with others, and we get the latest news, opinions and views. Internet-based tools such as Facebook, Twitter, WebEx, LinkedIn, and YouTube, to name a few, are becoming more and more prevalent in enterprises that acknowledge them as business enablers.
        
        
          In this section of our research, we will discuss the general risks introduced by Web 2.0 applications and their infrastructure, followed by a focus on specific applications found in use at the organizations in our research. Our findings will be illustrated with real reported incidents and examples.
        
        
          Web Applications are Not a Game
        
        
          As technology evolves, so do the security challenges. Internet tools also introduce new security risks. A number of useful Internet applications are used as attack tools against organizations, or may lead to a breach in network security. Applications such as Anonymizers, File Storage and Sharing, Peer-to-Peer File Sharing, Remote Administrative Tools and Social Media have been used to exploit organizations.
        
        
          There’s a myriad of platforms and applications that could be used for personal or business reasons. Each organization needs to be aware of what employees are using, and for what purposes, and then define their own Internet policy.
        
        
          In 91% of the organizations, users were found to be using applications with a potential to bypass security, hide identities, cause data leakage or even introduce a malware infection without their knowledge.
        
        
          03 APPLICATIONS IN THE ENTERPRISE WORKSPACE
        
        
          In June 2012, the US Federal Trade Commission (FTC) charged two businesses with exposing sensitive information on Peer-to-Peer File-Sharing networks, putting thousands of consumers at risk. The FTC alleged that one of the organizations, EPN, Inc., a debt collector based in Provo, Utah, exposed sensitive information, including Social Security numbers, health insurance numbers, and medical diagnosis codes of 3,800 hospital patients, to any computer connected to the P2P network. The FTC alleged that the other organization, an auto dealer named Franklin's Budget Car Sales, Inc., exposed information of 95,000 consumers on the P2P network. The information included names, addresses, Social Security numbers, dates of birth, and driver's license numbers [18].
        
        
          In 2010, the FTC notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, had been shared from their networks and was available on peer-to-peer (P2P) file-sharing networks. Any users of those networks could use the data to commit identity theft or fraud [19].
        
        
          
            SENSITIVE DATA SHARED BY P2P FILE-SHARING APPLICATIONS IN THE US