Symantec: Online Security Concerns Growing in the Workplace
- By Jabulani Leffall
- 04/14/08
In the world if IT security, it's a well known secret that end users in Windows
processing environments put themselves at risk whenever they check their MySpace
and Facebook pages, or shop for plane tickets, computers and other goods and
services--all while at the workplace.
Now, a pair of reports from Symantec Security Response--including the 13th
annual "Global Internet Security Threat Report" (available as a PDF
here),
released on Tuesday--reveal that such actions may imperil some enterprise
environments, especially given the rise of browser-based hacking and concerns
about security in the Web 2.0 era.
Symantec culled its findings from several sources, including data gathered
from network-monitoring software in the hundreds of countries where the security
software consultancy does business. Symantec also relied on research gleaned
from third-party sources such as other security firms, exploit research sites
and its own security monitoring blogs. The report covers statistics gathered
for the period between July and December of 2007
"What we find increasingly is that these attacks, using the Internet as
a vector, leverage three things: a mature underground economy for hackers, client-side
attack toolkits such as bots, and the wildcard: human behavior in the workforce,"
said Ben Greenbaum, senior research manager for Symantec Security Response.
"And it's unfortunate but true that there is no security patch to block
the vulnerabilities of social engineering."
Among the key findings in Symantec's "Global Internet Security Threat
Report" are some staggering numbers, including the 711,912 new threats
discovered in 2007, compared to just 125,243 in 2006. That's an increase of
468 percent.
The report also highlighted several enterprise system weakness trends which
are germane to IT pros looking to balance the new work/life spillover in their
IT administration space. According to the report, 58 percent of respondent-documented
vulnerabilities in the third and fourth quarters of last year affected Web-based
software or applications. Of those vulnerabilities, 72 percent were deemed "easily
exploitable."