Microsoft Research Reveals New Trends in Cybercrime Microsoft Corp. today released research showing an acceleration in
the number of security attacks designed to steal personal information
or trick people into providing it through social engineering.Microsoft’s
most recent Security Intelligence Report, a comprehensive analysis of
the threat landscape, shows that attackers are increasingly targeting
personal information to make a profit and are threatening to impact
people’s privacy. The report found that during the first half of 2007,
31.6 million phishing scams were detected, an increase of more than 150
percent over the previous six months. The study also shows a 500
percent increase in trojan downloaders and droppers, malicious code
used to install files such as trojans, password stealers, keyboard
loggers and other malware on users’ systems. Two notable families of
trojans detected and removed by the Microsoft Malicious Software
Removal Tool are specifically targeted at stealing data and banking
information.Microsoft also released findings from a recent
survey of more than 3,600 security, privacy and marketing executives
across a variety of industries in the United States, the United Kingdom
and Germany, including financial services, healthcare, technology and
government. Conducted by the Ponemon Institute LLC, the study found
that as security threats increasingly target personal information, more
collaboration among security and privacy officers is critical to avoid
costly compromises or breaches of personal information.The study
for the Microsoft Trustworthy Computing Group, titled “Microsoft Study
on Data Protection and Role Collaboration Within Organizations,†found
that organizations with poor collaboration were more than twice as
likely as organizations with good collaboration to have suffered a data
breach in the past two years. Ben Fathi, corporate vice
president of development for the Windows Core Operating System Division
at Microsoft, presented the research in a keynote address to
information security professionals at the RSA Conference Europe in
London. Scott Charney, corporate vice president of Microsoft’s
Trustworthy Computing Group, will also share the results in his keynote
address at the International Association for Privacy Professionals
Privacy Academy in San Francisco later today.“As a company
committed to providing privacy and security solutions for our
customers, we will continue to evolve our products, practices and
processes as security and privacy become increasingly interdependent
and as threats evolve,†Charney said. “There is no one-size-fits-all
solution for organizations looking to effectively collaborate and
protect data, but we hope this research will be a good resource for
companies thinking about how to approach this.â€Security and Privacy Threats Converge Under New Attacks As
more people communicate, access and share information online and the
delivery of services and information becomes more personalized,
organizations are collecting larger amounts of personal information to
provide services to customers. Increasingly, organizations need to
share information and conduct business across borders and devices, and
with a wide range of internal and external stakeholders. For
cybercriminals, these factors represent greater opportunities to steal
personal information.“As the security of the operating system
improves, we are seeing cybercriminals becoming more sophisticated,
diverse and targeted in their methods of stealing personal
information,†Fathi said. “Personal information is the currency of
crime, and malicious attackers are targeting it to make their
cyberattacks and other scams more authentic, credible and successful,
and to make a profit.â€Microsoft’s Security Intelligence Report
provides customers and partners with a comprehensive understanding of
the types of threats Microsoft customers face today so they can take
appropriate action to help ensure they are better protected both now
and in the future. According to the latest report, released today,
during the first half of 2007, there was a growing number of security
attacks by trojans, which often target personal information, and an
upward trend in the use of malware to compromise the privacy and
security of user machines. In that same time period, backdoors, a
category that includes bots, posed the most significantly increasing
threat to instant messaging users as attackers continue to use them to
control systems and violate user privacy.The Relationship Between Security, Privacy and Data Use FunctionsWith
security threats increasingly posing a greater threat to privacy, data
protection requires involvement from several groups within an
organization that typically have different objectives and
responsibilities. The research conducted by the Ponemon Institute
showed that where the collaboration between security and privacy
functions is good, the risk of a data breach is lower. Seventy-four
percent of companies that admitted to poor collaboration said they had
experienced one or more significant data breaches in the last two
years. However, only 29 percent of companies that claimed to have good
collaboration reported one or more breaches in the same period.The
research indicates there are tensions within organizations over how
data should be managed. Security and privacy professionals see customer
data as an asset to protect, while in functions such as marketing where
personal data is collected and used, employees are more likely to see
it as a resource to achieve business objectives. Conversely,
representatives from all three functions agree that the theft or loss
of customer data has a potentially damaging impact on brand value and
organizational reputation.“A lot of companies are struggling
with approaching data protection holistically, because security and
privacy people often don’t even speak the same language and often
report to different parts of the company,†said Rob Enderle, principal
analyst at the Enderle Group. “Understanding the issues and getting
security, privacy and business leaders together to discuss ways to
approach this collaboratively is a good first step for organizations.â€One
finding in particular from the survey provides evidence that some
organizations struggle to align security, privacy and marketing
functions. According to the research, 78 percent of security and
privacy executives said they were confident that their marketing
colleagues consult them before collecting or using personal
information. However, only 30 percent of marketers said they actually
do so.Another key finding from the research found that
preserving or enhancing an organization’s reputation and trust is
important, especially for marketing professionals. More than 65 percent
of marketers who collect and use data reported that preserving or
enhancing the organization’s reputation and trust was among the most
important business drivers for data protection. Avoiding threats is the
top business driver for security professionals, and regulatory
compliance is the top driver for privacy and compliance professionals.
This finding suggests that when approaching data protection issues with
marketers, security and privacy professionals will benefit from
communicating the reputation and trust impacts associated with a lack
of focus on avoiding threats of managing compliance.
Send via e-mail | Submit to Digg | Add to Live Favorites
http://feeds.feedburner.com/~r/binkdotnu/~3/173769293/microsoft-research-reveals-new-trends-in-cybercrime.aspx
