Data breaches, Vista, spam, and the professionalization of cybercrime top the security firm's list of the year's security perils.
With the end of 2007 approaching, security companies are looking ahead to 2008. McAfee planned to release its predictions about upcoming risk trends on Friday and Symantec has sent members of the media its assessment of the year to date and of the computer security perils people will be dealing with next year.
Topping Symantec's list of 2007 security trends is data breaches. Given that Symantec said earlier this month that it has agreed to purchase data-leak prevention company Vontu for $350 million, this isn't entirely surprising. Symantec is making a significant bet that there's money to be made plugging holes in corporate firewalls, as are competitors like Cisco, Trend Micro, and Websense, all of which have made similar acquisitions.
It's not hard to understand why: According to a 2006 study by the Ponemon Institute, data breaches cost an average of $4.7 million per incident and are predicted to cost even more in the future. That's not the sort of outlay any IT pro wants to own.
"Data breaches are indicative of an underlying trend: a movement away from hobbyist attacks... to targeted financially motivated attacks," said Amrit Williams, CTO of enterprise security company BigFix and a former IT security analyst for Gartner. "When you have a motivation that's driven by financial gain, the goal is to be quiet. You don't want to be seen. What the attackers are after is not to bring systems down. They're after the information itself."
Symantec's number two security trend for 2007 is Windows Vista, which has seen 16 security patches since its introduction. Both Symantec and McAfee foresee more attention being paid to Vista by malware writers as Vista adoption continues.
Third on Symantec's list is spam, which reached record levels in 2007, according to the company. That may seem improbable given the vast sea of spam in which we've been swimming for the past few years, but spammers' fortunes are buoyed by their ever-rising tide of unwanted messages. Thus, we now have to contend with spam in new bulky flavors -- image spam, PDF spam, MP3 spam, and greeting card spam -- that strains server resources even further.
A tasty irony: Offline, the mafia has long been involved with garbage collection; online, the cyber mafia is in the business of garbage generation and it's the security industry that makes a killing cleaning up.
And, as Williams and others have said, it is a business. Symantec claims that a member of the Fujacks cybercrime gang once boasted, "This is a better money-making industry than real estate."
To sustain that business and improve margins, cybercriminals are creating professional attack kits. That's the fourth-ranked trend on Symantec's list. "Forty-two percent of phishing Web sites observed in the first half of the year were associated with three phishing toolkits," according to Symantec. Kits like WebAttacker and MPack make malicious expertise available globally in an instant, with the only requirements being a download, some IT savvy, and contempt for the law.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.