Most of us who watch action movies, where a skilled hacker holds an organization or even a country to ransom will dismiss it as fiction. However, the case of Stuxnet – the first computer worm to affect real-world infrastructure, easily reads like the blockbuster. This is the first publicly widespread threat that has shown a possibility of gaining control of industrial systems used in critical infrastructure and placing it in the wrong hands.

Stuxnet confirms that cybercriminals are targeting four key areas of weakness which puts enterprise environments at risk: poorly enforced IT policies, poorly protected information, poorly managed systems and poorly protected infrastructure. It also signals a shift in the cyber security landscape – attackers who were earlier motivated by fame or financial gain, are today aiming to sabotage real-world systems.

At the same time, Indian enterprises also need to secure themselves against the growing insider threat to data. While malicious insider data breaches by disgruntled employees are increasing, the well-meaning insider threat to data has also grown. Symantec’s State of Enterprise Security Survey 2010 revealed that 54 percent of Indian enterprises feel external attacks are growing, 42 percent feel internal malicious attacks are growing and 52 percent feel internal unintentional instances of data loss are rising. The survey also revealed that 23 percent of Indian enterprises experienced data breaches due to malicious insiders and 31 percent experienced data breaches to insider negligence. Data loss by well-meaning insiders occurs due to employees accidentally disclosing confidential data, causing internal data spills, trying to undermine security, falling victim to social engineering tactics, or bypassing key company processes.

All these security risks are aggravated by the explosion of mobile devices in the enterprise. According to industry reports over 80 percent of Fortune 100 companies are using or testing a tablet, an increase from 65 percent three months ago. Symantec’s Enterprise Security Survey 2010 also revealed that 73 percent of Indian enterprises are witnessing a growth in smartphones connecting to the network. The increasing mobility of the workforce and the resulting heterogeneity of enterprise environments mean information today is more dispersed, and much more difficult to manage and secure. This is aggravated by the fact that the volume of digital information that is being generated is also exploding. Information explosion in enterprises today is particularly in the form of unstructured data – for example, spreadsheets, documents and emails – that does not reside in traditional databases. IDC predicts the growth of unstructured data to continue at over 60 percent per year, and in many organizations it accounts for more than 80 percent of all data. This deluge of unstructured data is much more difficult to manage and secure. An organization’s most valuable information – its intellectual property – is often buried within a growing volume of unstructured documents, many of which are not sensitive.

Unstructured data stores are also typically less secure than other data repositories, making them more vulnerable to data loss from both internal and external threats.