The 2011 Internet Security Threat Report – There Is No Panacea to Protect Against All Attacks
When it comes to Internet security, organizations shouldn’t feel like it’s only a matter of time before they suffer a catastrophe. But at the same time, it’s important to recognize that there is no single preventive measure that will guarantee safety from all attacks. Unfortunately, there are so many kinds of attacks that it’s difficult for users to know what threats are the most dangerous, and how to stay on top of them, but each can be dealt with individually. Each year Symantec publishes the Internet Security Threat Report to provide users with a better understanding of the threat landscape, and in a sense helps provide an alliance to protect them from being blindsided.
Symantec’s 2011 Internet Security Threat Report reveals that threats are skyrocketing and are definitely not a game. In fact, malicious attacks increased 81 percent from the year before. That’s a total of 5.5 billion attacks blocked just by Symantec. Web attacks are also up – by 36 percent.
Advanced Targeted Attacks and Data Breaches
More organizations are being hit with advanced targeted attacks than in the past. And, although attacks against large enterprises are highlighted in the media, more than half of all targeted attacks are actually directed at businesses with fewer than 2,500 employees. And almost 18 percent are targeting organizations with fewer than 250 employees. They’re not just targeting executives with deep access to confidential information either. 58 percent of people who are being targeted are in positions such as public relations, human resources and sales—positions that can provide cybercriminals with corporate information and open the door to more attacks. Advanced persistent threats, stealthy attacks by well-funded and organized groups, are also on the rise.
Data breaches are increasing, with politically motivated hacking coming into the spotlight in 2011 and resulting in the compromise of 187 million identities. These breaches also result from lost or stolen mobile devices, which are increasingly a security concern as more people use them to access business information. In total, 232 million identities were stolen in 2011. Furthermore recent research by Symantec revealed that 96 percent of lost phones will suffer a data breach.
Mobility, Spam and Malware
In addition to the loss of mobile devices, more cybercriminals are creating malware for these devices, especially with the proliferation of the relatively open Android operating system. We saw a 93 percent increase in mobile vulnerabilities and for the first time these threats became a tangible concern for businesses and consumers.
One bright spot in the report is the reduction in spam emails being sent – from 88 percent of all email volume to 75 percent – as authorities shut down one of the largest botnets in the world. But while the number of spam declined, there was an increase in phishing emails and other scams.
Malware is still rampant on websites and in email. Surprisingly, the report notes that 61 percent of websites exposing users to malware are actually legitimate sites that have been compromised, rather than sites created for the sole purpose of infecting users. And, 4 to 5 percent of business email messages sent now contain malware.
Protecting Your Business in the Face of These Threats
While security is always a daunting task, knowing what you face makes it easier to prepare for inevitable attacks and will help protect you from being caught unaware. You need a comprehensive plan in place that will cover every potential point of compromise, from the network level to the endpoint. In addition to standard antivirus software, you will need to consider reputation-based protection that can handle previously unknown threats, and data loss prevention solutions, as well as network-based protection such as firewalls.
To supplement technology-based protection, you should implement policies that will keep sensitive information safe. Ensure that security measures are always patched, and be sure confidential data encrypted, particularly on mobile devices. Employees should also be trained on intelligent Internet and email use, to minimize exposure to threats. By combining intelligent users with the latest security technology, your organization won’t need to fear internet-based threats.
Let us know your thoughts below, and for more information, see the full Internet Security Threat Report at .