Home & Office

Race against cybercrime continues

It's business as usual for IT security professionals battling cybercriminals who seek new ways of targeting individuals and corporations using tried-and-tested methods.
Written by Vivian Yeo, Contributor

Security, say analysts and vendors, will continue to dominate the agenda of enterprises in 2007.

Research analyst IDC believes that security-related acquisitions, following the likes of Cisco, IBM and EMC, will continue.

Infrastructure management vendors are focusing on security--be it as a built-in feature or a product or service offering---so as "to grab a bigger piece of the infrastructure software pie", according to Willie Low, IDC's market analyst for security research in the Asia-Pacific region. IDC estimates the infrastructure software market will reach US$3.8 billion by 2010 in the Asia-Pacific region, excluding Japan.

In addition, as data and identity theft remain a top security concern, relatively mature markets in Asia will increasingly turn their attention on identity and access management, endpoint security, application security and data security, said Jay Tan, industry manager at consulting company Frost & Sullivan.

"There is also growing pressure on businesses to address issues such as identity management and data integrity and availability in the business supply chain and online services," Tan added.

Security vendors and IT administrators also expect to continue to wage war against malicious hackers and cyber menaces intent on profiteering from enterprises and individuals. And not only are big corporations at risk, small businesses are not spared from cybercrime either.

According to patch management vendor PatchLink, corporate IT security budgets are expected to increase in 2007. What will they protect against? ZDNet Asia highlights some of the security issues worth watching out for in 2007.

Spam: The never-ending story
Spam has, contrary to what Microsoft Chairman Bill Gates predicted in 2004, not vanished from people's lives. Businesses' mailboxes have been inundated with unsolicited e-mail messages more now than before.

A report released at the end of December by Commtouch Software, which provides messaging software and protection, indicated that spam to businesses in 2006 had jumped 50 percent over 2005. Spam sent to corporate mailboxes accounted for 78 percent of all spam in 2006, compared to 52 percent the year before. Global spam volumes, including spam to individuals, reportedly reached 1,700 terabytes a day.


What's hot
Spam in the enterprise is a growing problem.

Bottom line:
Spam in the corporate environment in 2006 jumped 50 percent over 2005, despite the greater awareness, according to a Commtouch Software report.

At least two trends--the rise of zombie networks and the growth in phishing attempts support the prediction by Sophos Co-founder Jan Hruska that spam will not be eradicated by 2008.

Danger lurks in the phone
2006--the supposed year mobile malware became a significant threat--came and went, with some drama on the mobile malware front. The most significant development in the mobile security space was undoubtedly the discovery of a Trojan that attempts to infect PCs from a smart phone.

Statistics from F-Secure show that there are now over 300 known mobile malware, more than double that in December 2005. Fortinet has also reported that Symbian variants that propagate via MMS (multimedia message service) have at their peak found their way into nearly 75 percent of MMS messages in 2006, compared to only 5 percent the year before. McAfee, on the other hand, expects for-profit malware and spyware designed for the mobile platform to rise in 2007.

The issue of mobile viruses has been a bone of contention among security vendors, some of whom claim that mobile malware is overhyped. However, F-Secure's Runald noted that Bluetooth viruses are "quite prevalent in Malaysia", where he is based. He added that F-Secure malware researchers are able to detect mobile viruses on a daily basis in the vicinity of the company's security lab in Kuala Lumpur.

New technologies, new targets
Cyber crooks are finding a new playground with the rise of Web 2.0. Attacks on social networks such as MySpace surfaced during the year, along with reports of cross-site scripting vulnerabilities.

Security players such as McAfee and F-Secure have predicted that these attacks are only the beginning and that more can be expected in the year ahead. TippingPoint, owned by 3Com, has also highlighted the increase in zero-day threats to Web applications.

It is still early days yet for Web 2.0 in the corporate world, but with threats looming in the background, enterprises will do well to find ways to mitigate the risks as they strive to enhance usability and responsiveness of Web applications.

Editorial standards