The global IT threat remained at a medium level for most
of 2005, according to IBM's 2005 Global Business Security Index
Report, which also offers BCS members an insight into some of the
potential security threats in 2006.
Notable in 2005 was the criminal element motivating many IT
attacks, said the report. High-profile arrests of cybercriminals
around the world pointed to primarily financially motivated
individuals linked to organised crime.
With software and networks becoming increasingly secure, IBM
anticipates that many of these criminals will target the most
vulnerable access point within an organisation - its personnel - to
execute an attack.
"IBM believes that the environment has shifted. With increased
security protection on most systems and stiffer penalties, we are
seeing organised, committed, and tenacious profiteers enter this
space. This means that attacks will be more targeted and
potentially damaging," said Cal Slemp, vice-president of IBM's
security and privacy services.
"Organisations around the world, from the public and private
sectors, must move quickly and work together to address this
growing challenge."
The report highlighted the following potential threats for
2006:
- Cybercriminals taking advantage of poor international
co-operation against cybercrime and launching cross-border attacks.
The threat to and from emerging and developing countries is
increasing.
- The increased use of collaboration tools, such as blogging, will
increase the possibility of leakage of confidential business
data.
- Botnets - a collection of software robots that allow a system
to be controlled without the owner's knowledge - will continue to
represent one of the biggest threats to the internet. Newer,
smaller botnets will move to instant messaging and other
peer-to-peer networks for command and control of infected
systems.
- Mobile devices - malware affecting mobile phones, PDAs and
other wireless devices increased substantially in 2005, but has
not yet materialised into pervasive outbreaks since it cannot
spread on its own - yet.
The report examined the security threats from 2005 and identified
the following trends:
- Targeted e-mail attacks, generally financially, competitively,
politically or socially motivated, were often directed at
government departments, military organisations and other large
companies.
- Spear phishing, where criminals bombard businesses with highly
targeted spam that appears as though it has originated from inside
the organisation, typically from the IT or HR departments, is on
the increase.
Individuals are duped into thinking the e-mails are legitimate and
unwittingly reveal information that enables access to restricted
areas of the corporate network. Spear phishing has also been used
to bait people into opening malware.
- Overall, viruses delivered via e-mail were on the decline in
2005. Only 2.8% of e-mails contained a virus or Trojan in 2005,
compared with 6.1% in 2004.
- The rise in phishing activity was possibly due to the increased
use of botnets to pump out massive volumes of scam e-mails, as
cyber-criminals looked to increase their profits through more
aggressive targeting.
- Malware ingenuity - there was a rise in blended and
increasingly complex threats with the integration of bot
capabilities into existing malware.