And with rising risks of viruses and phishing attacks come business opportunities for companies offering protection against these threats.
One business with a local presence that’s riding this wave is Fortinet Inc., which specializes in integrated firewall, web filtering, anti-spam, traffic shaping and other security solutions.
In late April, its first-quarter earnings tripled to $13.6 million on revenues of $93.3 million, as its stock traded near $50, an all-time high since the firm first listed on the Nasdaq in November 2009.
The company then split its stock on May 9. In Ottawa, Fortinet is looking at hiring six to 10 people this year on top of its existing staff of 70. Although the company is headquartered in Sunnyvale, Calif., a third of its employees are here to take advantage of federal business.
“There isn’t another vendor on the planet that can scan for viruses at 10 gigabits,” says Graham Bushkes, Fortinet’s Toronto-based vice-president of sales.
He added that most businesses don’t need that much bandwidth yet, “but they’re getting there as bandwidth becomes less and less expensive.”
A typical computer attack these days comes as a “blended threat,” meaning that it probes for different kinds of holes in a security system; an attack could include a spam e-mail linking to a rogue website that would download a worm to the computer when a user clicks on a link.
A decade ago, the computer would then, usually, have been rendered unusable and the virus would not have spread very far, according to security firm Websense Canada, which is headquartered in Ottawa. But that’s changing as well.
“The type of malware we see are Trojans ... typically controlled by an organization or entity of some sort co-ordinating the attack,” says Patrik Runald, Websense’s senior security researcher who’s based in San Francisco.
“They want to go under the radar; they don’t want to be found.”
In response, both Websense and Fortinet advocate that businesses stick with a single vendor, where possible, to make sure various security features are talking to each other and able to protect against these blended threats when they hit the system.
The next challenge for local companies will be working to address the rise of malware-hosted sites in Canada.
Once upon a time, it was easy to screen for attacks from less-regulated countries like Romania or China and filter excessive or malicious web traffic by IP address, says Websense’s Mr. Runald.
However, Websense recently released an analysis of cyber security in Canada and found that in the past year, the country had a 319-per-cent jump in the number of servers hosting phishing sites, or websites that use nefarious means to get bank passwords or other sensitive information from users. The total number of phishing sites was not disclosed.
Websense uncovered the information from its customers, as well as automated scans of the Internet, which Mr. Runald says means two billion to five billion URLs examined daily, over a 12-month period.
“Firms should have a constant, real-time understanding of the traffic coming into their networks,” he says.
This means companies should not only look at where the traffic coming from, but what it is doing once it arrives, he explains, lest valuable information get destroyed or leaked out.
“Even if worse comes to worst, let’s make sure our intellectual property doesn’t become accessible to somebody else.”
SPYWARE STATS
Canada rose to 6th rank in 2011 from 13th in 2010 worldwide in a ranking of countries that host the most cyber crime sites. These sites perform phishing and/or put other types of malware on a computer.
Top 10 cyber-crime hosting countries
(January to May, 2011)
1. U.S.
2. France
3. Russia
4. Germany
5. China
6. Canada
7. Netherlands
8. South Korea
9. Romania
10. U.K.
Source: Websense Canada
