FEATURE EDITORIAL

Spyware Posing Greater Threat

Spyware now poses the biggest security threat to organizations, while threats from worms, viruses and browser-based attacks have lessened, this according to research from the Computing Technology Industry Association (CompTIA) released last month. Fifty-five percent of 1,070 organizations surveyed said that the volume of spyware they are combating has increased over the past 12 months.

"Spyware was rarely mentioned as a concern just a few years ago," says John Venator, president and chief executive officer of CompTIA. "It's another example of how information security threats are moving targets that can pose great challenges to even the most security-conscious organization."

According to the report, other security challenges organizations are responding to include lack of user awareness, cited by 54 percent of survey respondents; viruses and worms, 49 percent; authorized user abuse, 44.2 percent; and browser-based attacks, 41.5 percent. The percentages of incidents attributed to viruses, worms and browser-based attacks are down from the prior year's survey. That does not suggest that organizations can become complacent about such threats, notes the report. When organizations were asked to identify the types of security attacks they expect to be challenged by in three years, viruses and worms topped the list:

Virus/worm - 20 percent
Spyware/malware - 14 percent
Wireless access - 9 percent
Email/attachments - 9 percent
Phishing/social engineering/ID theft - 5 percent
Remote access - 5 percent

"To combat the seemingly endless waves of cyber-attacks, we found that organizations plan to increase spending across all areas related to security," Venator said. "Nearly one-half indicate they intend to increase spending on security-related technologies, and another one-third expects to increase spending on security training."

CompTIA commissioned TNS, a global market insight and information group, to conduct the study to identify current IT security practices and highlight security challenges confronted by organizations of varying sizes and sectors. Click here for more on the study.

2007 Security Reports

Messaging security reports are starting to be compiled and it looks like 2007 will be remembered for its diversity. MessageLabs Intelligence 2007 Security Report highlighted the vast number of new tactics, techniques and trojans that entered the security market during the last twelve months.  

MessageLabs noted that spam retained the title of "dominant menace" with annual spam levels reaching 84.6 percent. But rather than just playing the volume game, the report stated that spammers also introduced an additional ten percent of new and previously unknown spam attacks than in 2006. The notorious Storm botnet, which appeared on the threat landscape early in 2007, likely takes some credit for the increased innovation, especially through its distribution of 15 million emails with MP3 attachments, new to the market in October.

"2007 will be a memorable year for the security industry for many reasons. With consumers handing cyber criminals their personal details through social networking sites and the Storm botnet literally taking the market by storm, it has been an attention-grabbing twelve months," said Mark Sunner, chief security analyst for MessageLabs. "Although targeted attacks seem to be high on the threat agenda, the war between businesses and the bad guys significantly heightened in 2007 as new threats appeared from every angle and on every communications channel. If 2008 is as frenzied as this year, businesses need to prepare for battle and ensure they have their protection in place."

Messaging News will cover more 2007 trending and 2008 predictions in the coming weeks. Stay tuned.

Russian Hacker Gang Disappears

SecureNews, Secure Computing's Monthly Newsletter, reports that the notorious Russian Business Network (RBN), widely known for being a willing Internet host for spammers, malware-filled Web sites, and pornography, disappeared from Russian cyberspace and re-appeared in China recently, only to drop off the face of the earth a second time. RBN, until recently based in St. Petersburg, Russia, was known as the ISP of choice for cybercriminals because of its loose policies and willingness to host any Web site operator with no questions asked. The group closed its Russian operation after its upstream bandwidth provider cut ties with the group earlier this month. But now, according to the SecureNews report, they seem to have disappeared, just days after relocating its base of operations in China, and have not since resurfaced.

Many believe the group has closed up shop and is now out of business, but the folks at Secure Computing, note that since cybercrime is such a big business (worth millions of dollars) an operation as large as RBN would likely not give up that easily. The SecureNews report notes that there is a possibility that having "gone dark" in China is simply part of a shell game, to make it seem to observers that they are no longer in existence. Some speculate that the large group may have broken up into several smaller groups, to become less detectable.

MESSAGING NEWS CASE STUDY BRIEF:

PGP and Pitney Bowes: Securing Proprietary and Confidential Information

PGP Corporation recently announced that Pitney Bowes, a provider of mailstream solutions, has standardized on the PGP Encryption Platform to secure proprietary and confidential information. The company is deploying PGP Universal Gateway Email to protect sensitive legal, HR, benefits, and corporate information in communications. Founded in 1920, Pitney Bowes has expanded its offerings to serve the entire mailstream with software, hardware, and services that help more than 2 million customers worldwide create, produce, distribute, and manage mail, documents, and packages. The company must comply with a variety of regulations, including the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), state data breach notification laws such as California Senate Bill 1386, and the Payment Card Industry Data Security Standard (PCI DSS). As part of an enterprise-wide data security initiative to ensure regulatory compliance, uphold its corporate reputation, and implement security best practices, the company's Enterprise Messaging team was charged with evaluating and selecting an email encryption solution for users who send sensitive information, including Social Security numbers and credit card information, to external partners.

Based on previous experience with PGP products and the fact that Pitney Bowes was already using a PGP technology partner's solution, John Congiu, manager of Enterprise Messaging at Pitney Bowes, chose to deploy the PGP Encryption Platform. According to Congiu, "PGP technology is at the top of most industry lists of information security providers and is probably the most well-known for encryption. A big plus was that the partner could help us with the installation of PGP Universal Gateway Email, and its product integrated with the PGP solution. The partnership, the price and maturity of the PGP solution, the extensive PGP portfolio of enterprise data security products, and PGP Corporation's track record in the industry made it a no-brainer." Congiu also appreciated PGP Universal Gateway Email's support of accepted email standards, and interoperability with popular email solutions, as well as the company's infrastructure.

We welcome your ideas and your news for Messaging Newswire’s News & Trends in Email Security. Let us know what you think by sending your comments to editorial@messagingnews.com. Written or compiled by Stephanie Jordan. All trademarks are the property of their respective owners.

For marketing information on this newsletter or other Messaging News products contact jvictor@messagingnews.com