Sophisticated and Innovative, Cybercrime Flourishes in 2008

By Matthew Harwood

The frequency and sophistication of cyberattacks have escalated throughout 2008, reports the San Diego-based Cisco Systems.

"We've seen a streak of capitalism to maximize their profits and an ability for them to work together in ways that are truly mind boggling,"  Patrick Peterson, Cisco fellow and chief security researcher, told Information Security magazine.

The Internet solutions company's Annual Security Report, released today, catalogues five major Internet and network security developments over the past year.

First, spam has exploded: 90 percent of the 200 billion messages sent each day comprise spam. Second, disclosed vulnerabilities have risen by 11.5 percent over 2007. Third, virtualization products have become less secure: vulnerabilites have grown three-fold over 2007 as more companies embrace the new technology to increase cost-efficiency and productivity. Fourth, threats from legitimate sites have grown by 90 percent as botnets increasingly infiltrate such sites and redirect traffic to fake Web sites. Fifth and finally, nearly one-tenth of the top three Web mail providers' e-mails—Google, Microsoft, and Yahoo— were spam.

Spammers have increasingly sent their spam mail through these recognizable Web mail providers because it increases the chance spam will not get blocked by spam filters, Cisco reported.

In 2009, Cisco says its researchers will track the following threats closely: insider threats, data loss, and new tools.

As the economy slumps, Cisco warns employers that disgruntled or negligent employees may compromise their network and information security. The company also recommends firms invest in technology, education, and clear, well-enforced data protection policies to stop careless employees and hackers from exposing critical data that could lead to financial loss. And while firms invest in virtualization products such as "cloud computing" to increase employee efficiency and productivity, security personnel will have to remain vigilant as the  "increasing number of devices and applications in use can make the expanding network more susceptible to new threats."

"Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures," said Peterson. "It is important to upgrade applications, endpoint systems, and networking equipment to help ensure that corporate systems run smoothly and minimize risk."


Activity must now be viewed through Security's prism

I like to pass along things that work, in hopes that good ideas make their way back to me.  Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need.   As CIO, I look for ways to help my business and IT teams further their education.   Check your local library:  A book that is required reading is "I.T. WARS:  Managing the Business-Technology Weave in the New Millennium."  It also helps outside agencies understand your values and practices.

The author, David Scott, has an interview that is a great exposure: -  

The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text.  It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action. 

In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a breach.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.