Microsoft: Security threats still evolving

Security threats are continuing to evolve as hackers find new targets for malware, while businesses must improve their internal communications to combat threats, according to Microsoft.

Speaking at the RSA Conference Europe 2007, Ben Fathi, corporate vice president of development for the Windows Core Operating System Division at Microsoft, said: "It shouldn't come as any surprise that, as we improve the security of the operating systems and the infrastructure on the internet, the attacks are moving to applications and social engineering, including phishing scams."

There has been a 500 percent increase in Trojan attacks, from one million in the second half of 2006 to more than five million in the first half of 2007, according to research sponsored by Microsoft and conducted by the Ponemon Institute.

The survey found three-quarters of companies that admitted to poor communications and collaboration between their marketing, privacy and security divisions had suffered from a data breach — whereas fewer than a third of companies that thought they had good inter-departmental communication reported breaches.

Fathi said IT security is not just about technology. "It's about people and processes too... We need to have the privacy folks talking to the security folks and the marketing folks to have good protection from data breaches."

The keynote also contained some details on the forthcoming Windows Server 2008, which is due to be released on 27 February.

Fathi said the code will be Microsoft's "most secure yet" and will not be released until it is secure. "That has affected our release cycle but it was the right thing to do for our customers," he added.