Security systems take on hackers

It all starts off innocently. An office worker clicks open the inbox and sees an e-mail purporting to be from a friend, or a familiar address such as a social networking site.

The link is opened and a torrent of digital trouble is unleashed in the form of worms, viruses, malware and other programs that can take over a computer network.

At one end of the scale, it may be spyware from a legitimate company gathering information about sites visited or browsing habits. In more extreme cases, that link to a funny video or offer of prize money could leave offices vulnerable to hackers intending to infect a network, or criminals gathering information such as passwords to bank accounts and client details.

In the 1970s, office managers mainly concerned themselves with physical security and relied on locks and keys while keeping an eye on suspicious activity. Now, vigilance extends to watching over virtual private networks and using content filters to monitor Web activity.

According to NetWitness, which provides network security for government agencies and companies in the United States, nearly 2,500 hackers in Europe and China successfully gained access to a wide array of data, from credit card transactions to intellectual property, in attacks co-ordinated globally from late 2008 to early this year. The US Department of Defense (DoD) has also charted the growth of malicious cyber activity.

Ploys enticing computer users to click on links ranged from e-mail attachments, or adverts claiming to clean up viruses, to phishing links for fake websites urging users to update details such as passwords and addresses.

One growing trend is programs that control computers remotely by turning them into botnets whereby e-mail address books are harvested and used to send out promotions for anything from fake medicines to bogus university degrees. A whole sector of the software industry has grown to combat hacking, which computer experts say was once the domain of pranksters seeking notoriety, but has now become a lucrative activity for organised crime.

Home computer users have long been urged to use antivirus and security software, and browsers and websites often come with their own defence features. But for corporations using larger networks, it's a matter of unified threat management (UTM); in other words, wheeling out the big guns of cyber security.

UTM is set to be a big growth area for the hi-tech sector by next year and has already outgrown the firewall market, according to Fortinet, which supplies network security appliances. Its latest FortiGate multi-threat security products integrate top-range firewall and intrusion prevention system, with advanced application-based protection, and are aimed at larger enterprises.

To combat links to malicious websites and viruses, while blocking any Trojan horse intruders, the products combine layers of protection in addition to an enhanced firewall. Reports say their advantages are in their ability to keep businesses running with computer networks operating at normal speeds while effective defences against cyber threats are maintained.

While the inquisitive nature of office workers tends to stop at the sight of a bland-looking box resembling a hi-fi amplifier, it's the circuitry within that box that forms the barrier between them and threats from criminals and pranksters. If only users could be less curious about the links that bombard many an e-mail inbox.