IT security business thrives amid crisis

An economic recession may be making paupers out of millionaires but it also provides opportunities for some.

IT experts have warned that the recession will provide a fertile feeding ground for cyber criminals looking to make a quick buck by getting vital personal information off the net and by recruiting IT professionals who have lost their jobs, but the fact remains that business is booming for the IT security companies in these difficult times.

Sebastien Commerot, Marketing Manager, Ironport, Southern Europe, Middle East and Africa, said: "IT security sector is the least affected segment of the IT industry as businesses today recognise the need for a good security system. The IT security segment has seen a significant increase in business in 2008 as compared to 2007. At the pace that it is growing, business revenue is expected to remain static for the rest of 2009.

"During this economic downturn companies have started downsizing their personnel, which could lead to a situation where the laid off employees might be involved in sabotage or might steal privileged company data, underlining the need for IT security," he told Emirates Business.

According to Ironport, recent studies have shown that companies in the Middle East have become a favourite target for spam emails, amounting to around 90 per cent of around 1.5 million emails received everyday. On a more global scale, spam accounts for 78 per cent of emails sent each day.

Commerot said: "Web-based threats in the Middle East have grown by 600 per cent over the last two years. We frequently get reports from our clients about attempts to break into their firewall-protected programs and try to cause serious damage. This is why we have urged our clients to constantly monitor and guard their systems against these threats. These security breaches have become more sophisticated and highly structured. However, individual and organisational Arab users are now responding positively to the security needs of their respective systems by acquiring reliable web security applications and appliances."

Experts warn that despite the need for increased security, companies will also be looking for return on investment in these difficult times from IT security experts.

Rik Ferguson, Senior Risk Analyst, Trend Micro, said: "People will be looking to secure their data ever more in these challenging times. In the current climate, with so many companies operating just at break-even point, it may only take a serious data loss from information stealing malware to push them into bankruptcy.

"In order to protect their customer information and intellectual property companies need to think about data leakage prevention solutions. However, companies will also be looking to simplify, rationalise and increase the return on their security investment so we will see them perhaps spending smarter, rationalising vendors and simplifying management as we go through this global recession."

The experts say that the emergence of new IT threats spawned the need for new security solutions and products.

However, in terms of pure demand, the classical products are still successful. Technology like firewalls and anti-malware solutions are always in demand as they are necessary foundations of security strategy. The fastest growing demand is for Data Leakage Prevention solutions and encryption solutions, both technologies that mitigate against data theft and loss.

Ferguson said: "In the words of the old adage, in information security, 'the only constant is change'. As well as the emerging solutions technologies like identity-based email encryption and data leakage prevention, we are also seeing a radical shift in the way anti-malware solutions combat malware and cybercrime. Even in a market long characterised as 'commoditised' the new threat is driving innovation. For example the Trend Micro's Smart Protection Network no longer relies on constantly creating and distributing updated virus definitions, or pattern files.

"This 20th century technology is no longer up to the job of protecting our customers. Instead, our email reputation, web reputation and file reputation databases are available online. Known collectively as the Smart Protection Network, our software queries this database in real-time, providing always-on, always up-to-date protection to our customers, whether that be home users or enterprise, at the desktop, server or gateway."

Commerot added: "The minute you stop investing in Research and Development, it makes your product obsolete and good as the last time it was updated. There is a huge demand for security solutions designed for e-mail, web browsing and data leakage.

"Companies today have realised the importance of having an efficient and reliant security solution in their systems to make sure that business assets, data, and other important information are protected."

According to the experts, the emergence of sophisticated social engineering-based botnet attacks that are currently eating its way to computers via spam emails are considered to be a major threat in the IT sector. A botnet can be defined as a collection of compromised computers that run malicious software installed via worms, Trojan horses or backdoors using a common command-and-control structure. These computers are also called zombie computers.

Commerot said: "The Middle East region, which is regarded as the world's fastest growing ICT region, has become highly susceptible to these botnet attacks. In fact, botnet attacks in the Middle East alone have accounted for 80 per cent of the world's spam and incur click fraud losses, which have totalled to more than Dh3.67 billion annually.

"An IronPort research has revealed that more than 80 per cent of these botnet attacks are made up of spam email advertising dubious online pharmacy brands. The spam being transmitted via a network of personal computers infected by the Storm worm trojan using several sophisticated social engineering tricks and web-based exploits."

The report also shows that these spam templates; "spamvertised" uniform resource locators; website designs; credit card processing invitations; product fulfilment; and customer support were being provided by a Russian criminal organisation that operates in conjunction with Storm.

This criminal organisation recruits botnet spamming partners to advertise their illegal pharmacy websites, giving them a 40 per cent commission on sales orders.

Aside from botnets, there are still reported cases of other malicious software like spyware and phishing programs that lead to cases of identity theft and other cases of fraud.

The experts feel that in the current scenario, there will also be a demand for more IT specialists in the IT security sector.

Commerot said: "The demand for more IT personnel who specialise in security software and solutions will increase. This can be attributed to two factors, the first one being that the IT security sector is least affected by the crisis and second is that there is a growing demand for more IT security software and solutions."

Ferguson said: "Advances in technology mean that IT in general is always contributing to the smooth running of a company, whether that be through safeguarding its digital assets through IT security, or saving money through automated power management software. This will continue as it always has, although the recession will drive innovation. Necessity is always the mother of invention."

Follow Emirates 24|7 on Google News.