The latest issue of the Symantec Internet Security Threat Report, (Volume XI), was released in March. The new report provides a detailed analysis of the online threat landscape during the six months between July 1 to Dec. 31, 2006. In general, the findings show an increase in data theft and data leakage, and more malicious code being created to target specific organizations for information that can be used for financial gain.
Data is one the most important assets of any small or mid-sized business, and is also a valuable target for attackers. Small to mid-sized businesses house a wide range of data — payroll and customer information, internal documents, financial reporting data, emails, and more. The Report findings indicate that business data is being targeted and sold via an underground market — reinforcing the importance of securing the confidentiality, integrity, and availability of data.
In the Report, researchers also noted high levels of malicious activity across the Internet, with increases in phishing, spam, bot networks, Trojans, and zero-day threats. However, whereas in the past these threats were often used separately, attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity.
For the first time, the Report discusses “underground economy” servers that are being used by criminals to sell stolen information, usually for later use in identity theft. This data can include government-issued identity numbers, credit card numbers, bank cards and personal identification numbers (PINs), user accounts, and email address lists. According to the Report researchers found “U.S.-based credit cards with a card verification number were available for between $1 to $6, while an identity — including a U.S. bank account, credit card, date of birth, and government-issued identification number — was available for between $14 and $18.” During the second half of 2006, 51 percent of all underground economy servers known to Symantec were located in the United States, the highest total of any country.
Here some findings that small and mid-sized businesses should be aware of:
- Theft or loss of a laptop or data storage medium made up 54 percent of all identity theft-related data breaches. The second most common cause of data breaches that could lead to identity theft during the last half of 2006 was insecure policy, which made up 28 percent of all incidents.
- 86 percent of the credit and debit cards advertised for sale on underground economy servers known to Symantec were issued by banks in the U.S.
- Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers.
- Symantec documented 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera.
The report findings reiterate the importance for any small or mid-sized businesses to implement a solid security program. The wide range of today’s threats have the potential to not only affect business’ IT systems but the financial security of the business and its customers. According to Arthur Wong, senior vice president, Symantec Security Response and Managed Services, “As cyber criminals become increasingly malicious, they continue to evolve their attack methods to become more complex and sophisticated in order to prevent detection. End users, whether consumers or enterprises, need to ensure proper security measures to prevent an attacker from gaining access to their confidential information, causing financial loss, harming valuable customers, or damaging their own reputation.”
The Report outlines the threats you need to know about, as well as best practices you can follow to address the risks. You can download the entire Internet Security Threat Report
here.
Technorati
Digg
Delicious
Reddit
Newsvine
StumbleUpon
Buzz
Blinklist
Mixx
Google
