4/14/2008
In the world of IT security, it's a well-known secret that end users in Windows processing environments put themselves at risk whenever they check their MySpace and Facebook pages, or shop for plane tickets, computers and other goods and services--all while at the workplace.
Now, a pair of reports from Symantec Security Response--including the 13th annual "Global Internet Security Threat Report" (available as a PDF here), released on Tuesday--reveal that such actions may imperil some enterprise environments, especially given the rise of browser-based hacking and concerns about security in the Web 2.0 era.
Symantec culled its findings from several sources, including data gathered from network-monitoring software in the hundreds of countries where the security software consultancy does business. Symantec also relied on research gleaned from third-party sources such as other security firms, exploit research sites and its own security monitoring blogs. The report covers statistics gathered for the period between July and December of 2007.
"What we find increasingly is that these attacks, using the Internet as a vector, leverage three things: a mature underground economy for hackers, client-side attack toolkits such as bots, and the wildcard: human behavior in the workforce," said Ben Greenbaum, senior research manager for Symantec Security Response. "And it's unfortunate but true that there is no security patch to block the vulnerabilities of social engineering."
Among the key findings in Symantec's "Global Internet Security Threat Report" are some staggering numbers, including the 711,912 new threats discovered in 2007, compared to just 125,243 in 2006. That's an increase of 468 percent.
The report also highlighted several enterprise system weakness trends which are germane to IT pros looking to balance the new work/life spillover in their IT administration space. According to the report, 58 percent of respondent-documented vulnerabilities in the third and fourth quarters of last year affected Web-based software or applications. Of those vulnerabilities, 72 percent were deemed "easily exploitable."
The report also found from its respondents that between Apple, Sun Microsystems and Microsoft, it was Redmond that had the shortest security patch research and turnaround time with a six-day flip. On the other hand, Sun's average patch development lead period last year was 157 days.
Here's another development from the report that may foster immediate concern in some IT shops: Of all the patches rolled out by Sun, Microsoft and Hewlett-Packard which were deemed either medium or critical (high-severity), more than 50 percent were intended to fix either Web browser or client-side vulnerabilities in the OS and related applications, or both.