2013 CHECK POINT ANNUAL SECURITY REPORT
The Rules of the Game have Changed
The rules of the game have changed. Internet applications
were once considered to be a pastime activity, a means
to see pictures from our friends’ latest trips and to watch
funny movies. Internet Web 2.0 applications have now
become essential business tools in the modern enterprise.
We communicate with colleagues, customers and partners,
we share information with others, and we get the latest news,
opinions and views. Internet-based tools such as Facebook,
Twitter, WebEx, LinkedIn and YouTube, to name a few,
are becoming more and more prevalent in enterprises that
acknowledge them as business enablers.
In this section of our research, we will discuss the general risks
introduced by Web 2.0 applications and their infrastructure,
followed by a focus on specific applications found in use
at the organizations in our research. Our findings will be
illustrated with real reported incidents and examples.
Web Applications are Not a Game
As technology evolves so do the security challenges. Internet
tools also introduce new security risks. A number of
useful internet applications are used as attack tools against
organizations, or may lead to a breach in network security.
Applications such as Anonymizers, File Storage and Sharing,
Peer-to-Peer File Sharing, Remote Administrative Tools and
Social Media have been used to exploit organizations.
There’s a myriad of platforms and applications that could
be used for personal or business reasons. Each organization
needs to be aware of what employees are using, and for what
purposes, and then define their own Internet policy.
In 91% of the organizations, users were found to be using
applications with a potential to bypass security, hide
identities, cause data leakage or even introduce a malware
infection without their knowledge.
03 APPLICATIONS IN THE ENTERPRISE WORKSPACE
In June 2012, the US Federal Trade Commission (FTC)
charged two businesses with exposing sensitive information
on Peer-to-Peer File-Sharing networks, putting thousands
of consumers at risk. The FTC alleged that one of the
organizations, EPN, Inc., a debt collector based in
Provo, Utah, exposed sensitive information, including
Social Security numbers, health insurance numbers, and
medical diagnosis codes of 3,800 hospital patients, to
any computer connected to the P2P network. The FTC
alleged that the other organization, an auto dealer named
Franklin’s Budget Car Sales, Inc., exposed information of
95,000 consumers on the P2P network. The information
included names, addresses, Social Security numbers,
dates of birth, and driver’s license numbers [18].
In 2010, the FTC notified almost 100 organizations
that personal information, including sensitive data about
customers and/or employees, had been shared from their
networks and was available on peer-to-peer (P2P)
file-sharing networks. Any users of those networks could use
the data to commit identity theft or fraud [19].
SENSITIVE DATA SHARED BY P2P FILE-SHARING APPLICATIONS IN THE US