Web security threats gaining attention at many companies |
 |
By Robert Westervelt, News Editor
10 Sep 2008 | SearchSecurity.com |
|
|
Companies are taking a greater interest in Web 2.0 security threats and taking steps to protect sensitive customer information and intellectual property, according to a new survey released today.
|
|
|
|
|
Since the criminal encrypted and obfuscated the code, it's almost impossible to hold a signature for every piece of malicous code out there.
Yuval Ben-Itzhak,
chief technology officer, Finjan Inc.
|
|
|
|
|
|
|
|
|
|
Security vendor Finjan surveyed more than 1,300 IT and security professionals and found that 91% of all respondents perceive cybercrime as a major business risk. Of those respondents who identified themselves as cheif information officers and CSOs, 73% said they were more concerned about data theft than about downtime or loss of productivity as a result of virus infections.
"They're really understanding the magnitude of the problem when they look at cybercrime today," said Yuval Ben-Itzhak, Finjan's chief technology officer. "It's no longer the temporary productivity issues they used to have when they had a virus."
Finjan conducted the online survey in July. The goal was to assess their concern with respect to data theft and loss of productivity as a result of crimeware attacks, Ben-Itsak said. Many employees are using social websites and blogs, areas were attacks are more abundant, he said.
"People are starting to realize that the methods that criminals are using to distribute their malicious code signatures will not be able to detect them in real time," Ben-Itzhak said. "Since the criminal encrypted and obfuscated the code, it's almost impossible to hold a signature for every piece of malicous code out there."
In May, Finjan researchers uncovered rogue servers containing the sensitive email and Web-based data of thousands of people, including healthcare information, credit card numbers, business personnel documents and other sensitive data. Ben-Itzhak said the servers have been shut down, but the cybercriminals likely moved on to new servers. They also demonstrated how easy it is to find sensitive data with a simple Google search.
"We still find more and more of these servers almost on a daily basis. It's a relatively easy way for cybercriminals to bridge data, collect it and sell it online," Ben-Itzhak said. "The tools they're using are improving, so it's a very dynamic and active community."
Last week, Forrester Research Inc. released the results of its annual survey of 1,200 IT security pros, which found that companies are moving forward with security projects despite the uncertain economy. Fifty-nine percent of those surveyed said their main objective is to protect customer data, followed by protecting corporate intellectual property and sensitive internal data (54%).
IT security budgets are rising too. The amount of IT budget devoted to security has risen to 10% in 2008, an increase of 2% over last year's budget. Khalid Kark, a principal analyst at Forrester Research, suggested that security organizations are making a better case for security projects that fit into the company's overall business objectives. Company executives have also made protection from data breaches a top priority to avoid brand damage as a result of a highly publicized breach.
 |
 |
| |
RELATED CONTENT
 |
Malware, Viruses, Trojans and Spyware |
|
Schneier-Ranum Face-Off: Is antivirus dead?
|
|
Modern malware, stealthy botnets, adapt quickly, expert says
|
|
Computer worm infections up, scareware antivirus down, Microsoft says
|
|
Web-based attacks skyrocket, pirating sites surge, security firms say
|
|
Mini guide: How to remove and prevent Trojans, malware and spyware
|
|
Kaspersky system analyzes malicious URLs on Twitter for malware
|
|
Silon malware intercepts Internet Explorer sessions, steals credentials
|
|
Breach forces payroll service provider PayChoice to shut down again
|
|
RSA research underscores problem tracking cybercriminals
|
|
Conficker analysis finds P2P coding limited, less sophisticated
|
|
|
|
|
|
