TRENDING:

Report: Users the Weak Link in Security

March 27, 2006    
Report: Users the Weak Link in Security
Cyber-criminals are targeting the most vulnerable access points within businesses - employees - to execute their attacks, a new study finds.

In its annual closely watched security report, IBM warns that although widespread virus outbreaks are on the decline, on the whole online attacks are expected to rise in 2006. The culprit: highly targeted attacks that rely on naive users.

According to IBM's 2005 Global Business Security Index Report, e-mail-borne viruses dropped sharply in 2005. In 2004, 6.1% of e-mails contained a virus; in 2005, that declined to only 2.8%. "What we're seeing is more directed targeted attacks, and we really think that's because of the financial motivation and the underground economy driving those things," an IBM security expert said.

Spear Phishing Grows
Targeted phishing attacks, dubbed "Spear Phishing," also rose in 2005, typically as a technique to bait users into opening other forms of malware.

Analysts expect hackers to change their tactics somewhat and perform more focused “botnet” powered attacks in 2006. Botnet networks are comprised of compromised systems under the command of a central operator.

The attacker landscape is also expected to shift in 2006 to further include unsuspecting users to help hackers execute attacks. Indeed, a recent study from MailFrontier found that only 4% of users can spot a phished e-mail all the time. Experts say this is still more evidence that in 2006, computer users will continue to be the weak link in corporate security.

There are a number of things that enterprises will need to do to protect themselves against the weak link. One is identity management, because without it, it’s very difficult for enterprises to help keep track of who has access to what. Education is also seen as being a key to improving security in 2006.

© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html.

Previous
Biometrics - Attack of the Clones
Next
Look out - the IP-enabled machines are coming!



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.