Israel and network security

80% of the top 50 malicious code samples could reveal confidential information, the report said, up from 74% in the first half of 2005.

network security 88 (photo credit:)
network security 88
(photo credit: )
Israeli companies lack the necessary regulations to force them to protect their computer systems from the threats of cybercrime, despite the global rise in theft of confidential information over the Internet, network security provider Symantec said Tuesday. "Liability is an important issue in the industry and apart from the financial services sector and companies traded on the Nasdaq, there is no regulation forcing Israeli corporations to implement the necessary protection," said Arie Danon, General manager of Southern Mediterranean countries at Symantec. "In the US, the security responsibility falls directly with the company CEO, as a result of Sarbanes-Oxley, and they know they will be liable if something happens, but this is not the case in Israel." The Sarbanes-Oxley Act of 2002 was implemented in the US to protect investors by raising the level of corporate governance and accountability, whereby companies must institute tighter controls of their information technology internal control systems. Danon explained that Israeli banking and insurance industries are regulated by the Bank and Insurance Inspectors, respectively, but nothing exists in other sectors. In its ninth semi-annual Internet security threat report, Symantec noted a continued rise in Internet information attacks, or 'malicious code' attacks, "designed to silently steal data for profit without doing noticeable damage that would alert a user to its presence." Eighty percent of the top 50 malicious code samples could reveal confidential information, the report said, up from 74% in the first half of 2005. Symantec documented 1,895 new software vulnerabilities between July and December 2005, the largest total recorded number of vulnerabilities since 1998. Of these, 97 percent were considered moderately or highly severe and 79% were considered easy to exploit, it said. The report also detailed a growing trend of attackers using 'bot' networks (programs that provide attackers with unauthorized control of a computer), targeted attacks on Web applications and modular malicious code. Symantec said it expects to see more diverse and sophisticated threats used for cybercrime as well as an increase in the theft of confidential, financial and personal information for financial gain. The potential dangers of cybercrime surfaced in Israel last May when police arrested 11 private investigators suspected of infiltrating the computer systems of their clients' competitors with a "Trojan horse," a piece of software that enabled the users to steal classified commercial information. Danon said the Trojan horse affair contributed to a growing understanding from local enterprises of the need to protect their networks. "The trends in Israel are quite similar to the rest of the world in the types of attacks made," he said. "In our protection, we are considered early adaptors and are very aware of security solutions." He stressed the need for homes to implement a personal firewall on their computers, in addition to just anti-virus protection. Enterprises, he added, should have full end point protection to provide complete and updated control over every user in the network. California-based Symantec employs 200 people in Israel, 180 of which are at its development center in Or Yehuda.