Data breaches, Vista, spam, and the professionalization of cybercrime top the security firm's list of the year's security perils.
With the end of 2007 approaching, security companies are looking ahead to 2008. McAfee planned to release its predictions about upcoming risk trends on Friday and Symantec has sent members of the media its assessment of the year to date and of the computer security perils people will be dealing with next year.
Topping Symantec's list of 2007 security trends is data breaches. Given that Symantec said earlier this month that it has agreed to purchase data-leak prevention company Vontu for $350 million, this isn't entirely surprising. Symantec is making a significant bet that there's money to be made plugging holes in corporate firewalls, as are competitors like Cisco, Trend Micro, and Websense, all of which have made similar acquisitions.
It's not hard to understand why: According to a 2006 study by the Ponemon Institute, data breaches cost an average of $4.7 million per incident and are predicted to cost even more in the future. That's not the sort of outlay any IT pro wants to own.
"Data breaches are indicative of an underlying trend: a movement away from hobbyist attacks... to targeted financially motivated attacks," said Amrit Williams, CTO of enterprise security company BigFix and a former IT security analyst for Gartner. "When you have a motivation that's driven by financial gain, the goal is to be quiet. You don't want to be seen. What the attackers are after is not to bring systems down. They're after the information itself."
Symantec's number two security trend for 2007 is Windows Vista, which has seen 16 security patches since its introduction. Both Symantec and McAfee foresee more attention being paid to Vista by malware writers as Vista adoption continues.
Third on Symantec's list is spam, which reached record levels in 2007, according to the company. That may seem improbable given the vast sea of spam in which we've been swimming for the past few years, but spammers' fortunes are buoyed by their ever-rising tide of unwanted messages. Thus, we now have to contend with spam in new bulky flavors -- image spam, PDF spam, MP3 spam, and greeting card spam -- that strains server resources even further.
A tasty irony: Offline, the mafia has long been involved with garbage collection; online, the cyber mafia is in the business of garbage generation and it's the security industry that makes a killing cleaning up.
And, as Williams and others have said, it is a business. Symantec claims that a member of the Fujacks cybercrime gang once boasted, "This is a better money-making industry than real estate."
To sustain that business and improve margins, cybercriminals are creating professional attack kits. That's the fourth-ranked trend on Symantec's list. "Forty-two percent of phishing Web sites observed in the first half of the year were associated with three phishing toolkits," according to Symantec. Kits like WebAttacker and MPack make malicious expertise available globally in an instant, with the only requirements being a download, some IT savvy, and contempt for the law.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.