That’s according to Microsoft’s latest Security Intelligence Report (SIR) which gleans data collected from approximately 500 million computers worldwide to provide intelligence on global online threats.
The report confirms that attackers are now largely motivated by financial gain and rarely act alone. For example, malware creators seldom conduct attacks themselves, but instead work with other criminals in online black markets to buy and sell malware kits and botnet access, says Desmond Nair, who heads Microsoft South Africa’s Server business.
So-called “bot herders” are also at the core of the professional online threats, knitting together compromised machines into a dark version of a Cloud Computing network, which provide criminals with a set of illicit services to spread spam and malware, all delivered by worldwide collections of infected computers.
“The report provides compelling – and chilling – evidence that cyber criminals are becoming more sophisticated and packaging online threats that are sold on to others. What’s more, we now see clearly that cyber criminals target enterprise and home users differently,” said Nair.
The report found that business networks continue to be most susceptible to worms, while home users are more exposed to malware and socially engineered threats. For example, so-called “419” scams increased in e-mail significantly and rogue security software, which poses as a legitimate security application to deceive users, continues to be an issue for consumers.
Interestingly, breach incidents are twice as likely to occur because of human negligence (lost, stolen or missing equipment) as from malicious attack. This means that by taking well-established protective measures against human negligence, IT professionals can mitigate the impact of a large majority of potential breaches, said Nair.
So what can enterprises and individual home users do?
For businesses, observing security fundamentals can help create a safer, more trusted enterprise. We need to ensure that people are trained in soft skills, create a security culture in an organization, secondly ensure that relevant security process and kept simple and well published and lastly ensure that you are using the correct security technologies for your situations and also ensure that these are kept up to date.
For home users, keeping up to date with the latest security updates, and using the latest versions of browsers, home users can achieve a safer and more trusted Internet experience.
“The bottom line is that new is better when it comes to the security of your software,” said Nair. “Having said that, installing security updates is a fundamental Internet security best practice, regardless of whether you are using latest versions or old software. It’s like servicing your car.”
Nair suggests that home users also switch to a new-generation internet browser, like Internet Explorer 8, which is available as a free download, and is widely seen as the most secure browser on the market.
“A browser like IE6 has been in market for almost 10 years. Think about it for a moment. In 2000, we exchanged data via floppy drives, phishing was something you did at the dam, and there were only 8 million websites on the web. Now there are more than 30 billion – and growing daily. So it’s clear you need to adjust your mindset accordingly, and get the best protection you can.”