Click here to receive your FREE subscription to Campus Technology
News
Symantec: Online Security Concerns Growing in the Workplace
4/14/2008
In the world if IT security, it's a well known secret that end users in Windows processing environments put themselves at risk whenever they check their MySpace and Facebook pages, or shop for plane tickets, computers and other goods and services--all while at the workplace.
Now, a pair of reports from Symantec Security Response--including the 13th annual "Global Internet Security Threat Report" (available as a PDF here), released on Tuesday--reveal that such actions may imperil some enterprise environments, especially given the rise of browser-based hacking and concerns about security in the Web 2.0 era.
Symantec culled its findings from several sources, including data gathered from network-monitoring software in the hundreds of countries where the security software consultancy does business. Symantec also relied on research gleaned from third-party sources such as other security firms, exploit research sites and its own security monitoring blogs. The report covers statistics gathered for the period between July and December of 2007
"What we find increasingly is that these attacks, using the Internet as a vector, leverage three things: a mature underground economy for hackers, client-side attack toolkits such as bots, and the wildcard: human behavior in the workforce," said Ben Greenbaum, senior research manager for Symantec Security Response. "And it's unfortunate but true that there is no security patch to block the vulnerabilities of social engineering."
Among the key findings in Symantec's "Global Internet Security Threat Report" are some staggering numbers, including the 711,912 new threats discovered in 2007, compared to just 125,243 in 2006. That's an increase of 468 percent.
The report also highlighted several enterprise system weakness trends which are germane to IT pros looking to balance the new work/life spillover in their IT administration space. According to the report, 58 percent of respondent-documented vulnerabilities in the third and fourth quarters of last year affected Web-based software or applications. Of those vulnerabilities, 72 percent were deemed "easily exploitable."
The report also found from its respondents that between Apple, Sun Microsystems and Microsoft, it was Redmond that had the shortest security patch research and turnaround time with a six-day flip. On the other hand, Sun's average patch development lead period last year was 157 days.
Here's another development from the report that may foster immediate concern in some IT shops: Of all the patches rolled out by Sun, Microsoft and Hewlett-Packard which were deemed either medium or critical (high-severity), more than 50 percent were intended to fix either Web browser or client-side vulnerabilities in the OS and related applications, or both.
Recommended Reading
- RIAA Outsources Fingering of Students Who Share Music Illegally
The RIAA is outsourcing the hunt for music thieves. Its largest target currently is those who operate from within colleges and universities, a move that has piqued the attention of Educause.
- Microsoft Expands Education Footprint in Asia Pacific Region
Microsoft Chairman Bill Gates announced new partnerships to extend accessibility and computer literacy in the Asia Pacific region during a speech in Jakarta at a government leader gathering earlier this week.
- IT Struggling Over Security, Compliance
IT pros are having a hard time balancing security, software patch management and IT auditing with a host of other duties, according to a survey released Monday by Shavlik Technologies.
- Toronto College Upgrades Network with Gigabit Ethernet Wireless Links
Toronto-based George Brown College has gone public about its deployment of six BridgeWave GE60 wireless links to upgrade its campus-wide network.
- Gates Highlights R&D at CES08, Unveils Microsoft Touch Wall
Microsoft's Chairman Bill Gates spent a lot of time Wednesday talking about "empowering the workers" at the Microsoft's 12th annual CEO Summit 2008 in Redmond, WA, where he gave a keynote speech. However, Gates wasn't talking about political revolutions or even pay raises for office workers before the CEO crowd. Instead, he was referring to new software technologies that can better enable collaboration, social networking and decision-making on the job.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
