This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."
Download it now to read this article plus other related content.
As thrill seekers fade away, organizations must contend with skilled attackers wielding sophisticated, stealthy tools in their drive to steal data for financial gain.
Browser malware that executes fraudulent financial transactions. Botnets so powerful they can knock websites offline for days. Drive-by infections that install keyloggers on the PCs of website visitors. Stealthy malware adept at self-preservation. As organizations erect barriers to protect their data, attackers are unleashing new new types of computer crime and advanced ways of finding and exploiting weaknesses. The threat landscape is one of professional, highly skilled online criminals who create, buy or trade advanced tools that allow them to steal confidential company data, disrupt business operations or snatch logon credentials and other personal information. The teen-aged script kiddies who focused on compromising systems for fame and game are receding into the distant past. Today's profit-minded attackers are more likely to carry a briefcase than a skateboard. As defenders against these organized cybercriminals, security managers have inherent disadvantages.
Organizations are single entities with relatively static measures for protecting data -- it takes time to adjust the IT security architecture, update personnel skills and deploy new defensive technologies. In contrast, the number of adversaries is virtually unlimited. If some of them happen to employ ineffective
How can you repel that which you do not expect? One way to keep up with the cyberspace arms race while fending off attacks on information resources is to stay abreast of the new and emerging types of computer crime.
This was first published in May 2007