Monday, May 7, 2012

New Study Shows Internet Vulnerabilities Drop, Yet Risks Rise

Symantec 2011 Security Trends: Beware Insider Threats

There's some good news on the cybersecurity front, for a change: The number of Internet vulnerabilities identified by Symantec dropped 20 percent last year, according to the security technology company's just-released annual Internet Security Threat Report.

The tone of the rest of the report, however, isn't so optimistic. In fact, it's downright gloomy, as the company cautioned the IT security community about an 81 percent uptick in malicious attacks and the expectation of more to come in 2012.

IT managers jittery about defending their organizations' information systems should look over their shoulders from time to time. The insider, as we've been told time and time again, remains - and is likely to continue to be - one of the biggest threats.
"While external threats will continue to multiply, the insider threat will also create headlines, as employees act intentionally - and unintentionally - to leak or steal valuable data," Symantec notes.
Why? Because we're not doing enough to educate employees and customers about security and risk. Symantec's Global Intelligence Network monitors hacking and Internet attacks in more than 200 countries and territories. It also maintains a database that holds almost 48,000 recorded vulnerabilities from nearly 16,000 global vendors.

So, Symantec's analysis is one of the best available, at least where Internet security threats and trends are concerned. The actual number of Internet vulnerabilities identified by Symantec dropped 20 percent from 2010, and Symantec, for its part, blocked more than 5.5 billion malicious attacks in 2011 -- 81 percent more than it blocked the previous year.

Hacking exposed more than 187.2 million identities last year, Symantec found. But the root of most data breaches is not linked to hacks; it's linked to old-fashioned theft and/or sloppy security, such as through the loss of a laptop.

Symantec does offer advice, such as keeping antivirus software up-to-date and enforcing effective password policies. All important, but without the education piece, we won't have a fighting chance.

Refer here to download the report.

No comments: