Businesses Beware: March Madness could also be called Hacker Heaven
It's that time of the year again: March Madness. If you're me that means constant flashbacks of your father sitting down your entire family for an annual quiz on college sports teams' mascots. If you're other, more normal people, however, that probably means you're aware and have filled out a bracket. Many of us out there have even entered into an office pool.
Whether these intra-office brackets are good or bad for productivity is still up for debate. But one oft-overlooked issue is how this monthlong basketball spree could affect computer security. In fact, it's times like these when networks could be most vulnerable.
To explain, let's put a few things into perspective. According to a recent survey from Osterman Research, some kind of malware has infiltrated 74 percent of organizations via the web. This is to say that a virus of some sort was introduced into a company's infrastructure due to a web page someone surfed to whilst online. And these sorts of attacks are only increasing. Security firm Trustwave's 2013 Global Security Report says that instances of mobile malware have increased 400 percent since 2012.
In essence, cybercriminals trying to gain entry into organizations' IT systems are relying more and more on web tactics. This is why March Madness could be a nightmare for IT departments trying to ward off these attacks. As Trustwave's Vice President of Product Management Steve Kelley told me, it's an especially unique event because it's three different tournaments playing games that go on simultaneously -- many of which occur during work hours.
He has reason to be concerned. Take, for instance, the Pony malware that stole over $200,000 worth of bitcoin. Its deployment happened to coincide with the Winter Olympics -- when millions of people were surfing to foreign pages to try to live stream the international event. Or how about the phishing campaign that promised web users "shocking" images of the lost Malaysian aircraft? These are all examples of how hackers know current events and capitalize on them.
So businesses are faced with a choice: do they try to crack down on in-office activities such as game streaming, or do they embrace them as a morale booster? If it's the latter, their networks could be at risk, and if it's the former, IT departments are going to have to do some serious system restructuring.
As Kelley explained, "In either situation, organizations really do need to have a secure solution in place." For companies welcoming office pools, it means IT professionals have to implement more "flexible policies." Kelley sees these as implemented tools that bolster email and web security, making sure links are safe and that no internal vulnerabilities are discovered. Of course, since he works for an online security firm, his company offers such tools. At the same time, the general gist is just to be aware and hyper-vigilant.
Kelley's intent isn't to discourage organizations from implementing company-wide pools and game viewings -- in fact, he generally agrees with this tack in terms of morale building. The idea is just to ensure that opened-up web access in an office environment is "done within reason." Additionally, every company's network framework ought to be implemented safely and securely.
In short: remain smart and aware. Hackers have a knack for finding any and all vulnerabilities. Thus it is IT professionals' jobs to remain cognizant and diligent.
I would hope it's the same hue of diligence they put into their brackets.