Report: Users the Weak Link in Security

Report: Users the Weak Link in Security
Cyber-criminals are targeting the most vulnerable access points within businesses - employees - to execute their attacks, a new study finds.

In its annual closely watched security report, IBM warns that although widespread virus outbreaks are on the decline, on the whole online attacks are expected to rise in 2006. The culprit: highly targeted attacks that rely on naive users.

According to IBM's 2005 Global Business Security Index Report, e-mail-borne viruses dropped sharply in 2005. In 2004, 6.1% of e-mails contained a virus; in 2005, that declined to only 2.8%. "What we're seeing is more directed targeted attacks, and we really think that's because of the financial motivation and the underground economy driving those things," an IBM security expert said.

Spear Phishing Grows
Targeted phishing attacks, dubbed "Spear Phishing," also rose in 2005, typically as a technique to bait users into opening other forms of malware.

Analysts expect hackers to change their tactics somewhat and perform more focused “botnet” powered attacks in 2006. Botnet networks are comprised of compromised systems under the command of a central operator.

The attacker landscape is also expected to shift in 2006 to further include unsuspecting users to help hackers execute attacks. Indeed, a recent study from MailFrontier found that only 4% of users can spot a phished e-mail all the time. Experts say this is still more evidence that in 2006, computer users will continue to be the weak link in corporate security.

There are a number of things that enterprises will need to do to protect themselves against the weak link. One is identity management, because without it, it’s very difficult for enterprises to help keep track of who has access to what. Education is also seen as being a key to improving security in 2006.

© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html.





Around the Network