Online fraud in the form of phishing, spyware, and other types of information theft is up significantly on the previous year. This year, Symantec has counted the incidence of phishing attempts at around seven million per day, with each new day bringing in close to 900 of what are described as new or unique attempts. McAfee confirms this by stating that, across the board, computer threats are becoming more sophisticated, and, at the same time, the supporting requirements for delivering security are becoming more complex.
Drilling down into the detail of what has been another difficult year for most IT security managers, it is clear that the vast majority of externally delivered, serious corporate threats are being professionally launched. There is an obvious malicious and financial agenda, with attacks being focused on businesses and private computer users where there is the most potential for reward.
In addition, 2006 has seen a continuing growth in zero-day exploits, which carries with it a clear indication that attackers are focusing more on the discovery and exploitation of existing and newly-found software vulnerabilities. There are also indications that there has been a growing use of rootkits, including kernel-mode rootkits, this year; something that before 2006 was extremely unusual.
Furthermore, 2006 has been another bad year for spyware, with threats continuing to grow. In fact, many security experts believe that spyware remains one of the most difficult areas for IT security vendors to deal with effectively, and indeed one that the industry as a whole has so far failed to crack. Significantly, every security vendor worthy of the name claims to have a spyware solution, but few seem to have anything that deals with the end-to-end issues of spyware, with most falling short in the key areas of identification and remediation.
An associated issue that will need to be more effectively addressed as we move into 2007 is that of data loss prevention (DLP). The starting point will be to understand each organization’s data protection requirements: where and how its confidential data is being exposed; where and how confidential data is being copied; where confidential data is being sent; and, from this, how data loss policies should be enforced. As a result, there is a need to more effectively monitor network exit points, and provide the ability to stop internet communications containing confidential data from leaving corporate networks.
As we move into 2007, there needs to be more emphasis on security improvement and service delivery unification. The unified threat management (UTM) approach to the delivery of protection services is beginning to have a significant impact upon how enterprise and SMB organizations go about purchasing and upgrading their protection systems. However, we need to see more substance from security solutions that sit under the UTM banner, and less of the hype that has so far been used to drive the UTM market forward.
Source: OpinionWire by Butler Group (www.butlergroup.com)