IBM: Cyber crooks to target employees this year

Perpetrators will shift focus from the masses to specific targets within organizations, according to an IBM study.

Smaller and stealthier cyber attacks aimed at extorting funds from specific organizations will be the order of the day this year, says IBM.

According to IBM's global business security index report, the global IT threat landscape spent the majority of 2005 hovering at the medium security level. While the Zotob worm gained international attention, affecting well-known media organizations, there were fewer global malware outbreaks than the previous year, IBM said.

With software and networks becoming more secure, IBM anticipates that many cyber criminals may target the most vulnerable access point within a company--its employees--to execute an attack.

"The decrease in pervasive attacks in 2005 is counter-intuitive to what society at large believes is a major threat to their personal data," Tay Yong Hung, executive at IBM Global Services, said in a statement.

Tay added: "IBM believes that the environment has shifted. With increased security protection on most systems and stiffer penalties, we are seeing organized, committed, and tenacious profiteers enter this space. This means that attacks will be more targeted and potentially damaging. Organizations around the world must move quickly and work together to address this growing challenge."

IBM also predicted that this year, cyber criminals will take advantage of poor international cooperation against cyber crime and launch cross-border attacks. It will be more difficult to trace the attacks back to their source, especially when trends show attacks are increasingly originating from regions such as Eastern Europe and Asia, where sanctions are more lenient and enforcement is limited, IBM said.

The report also warned about upcoming security threats coming from the increased popularity of blogging and instant messaging.

For example, blogging could increase the possibility of leakage of confidential business data and newer botnets, a collection of software robots that allow a system to be controlled without the owner’s knowledge, will likely move to instant messaging and other peer-to-peer networks for command and control of infected systems, said IBM.