Report Spotlights Changes in Cybersecurity Landscape

Last week I wrote about one of the most questionable IT security reports I’ve ever come across. Today, we’ll look at one of the good ones: Symantec’s Internet Security Threat Report.

The report, released earlier this week, is a review of 2011 cybersecurity trends. It’s usually a good sign when a year-in-review report isn’t released until March of the following year, because the delay suggests that the writers really thought about what they were doing instead of putting together a rush job to have out in January.

Here are some of the more interesting/odd facts contained in the report:

• Hackers are no longer targeting only CEOs and senior executives: “58 percent of the attacks are going to people in other job functions such as Sales, HR, Executives Assistants, and Media/Public Relations. This could represent a trend in attackers focusing their attention on lower hanging fruit. If they cannot get to the CEOs and senior staff, they can get to other links inside the organizations. It is also interesting to note that these roles are highly public and also likely to receive a lot of attachments from outside sources.”
• Pornography sites are safer than religious or political pages. Purveyors of smut have apparently cleaned up their acts. In a list of the top 10 types of websites likely to be infected with malware, pornography sites ranked last. Right on top of the “pron” sites were health and medicine and automotive sites.  Blogs and Web communications, including religious websites were identified as leading threats.
• The real profits are in mobile attacks:  Mobile vulnerabilities were up 93.3 percent over 2010. “Malware that sends premium SMS text messages can pay the author USD $9.99 for each text and for victims not watching their phone bill could pay off the cybercriminal countless times.”
• The United States is a much bigger source of cybercrime than China: America remains the top source for most types of malicious cuber activity, with the exception of malware creation and the use of spam zombies. About 13 percent of all bot activity, 34 percent of Web based attacks and nearly half of all phishing websites were American made (or at last U.S.-based). China actually saw a 10 percent drop in malicious activity between 2010 and 2011.
• Data breaches affect hundreds of millions: Around 1.1 million identities were exposed per major data breach last year. More than 232 million identities were exposed overall in 2011, and 93 percent were stolen from computer software, IT and healthcare sectors.

I do have one complaint about the report, however: the wacky graphics.  They are way, way too busy and having so much going on on one page just overwhelms the reader. (The example above doesn’t even show all the graphics on that page.) I’m not suggesting that we stick to those boring old pie charts and graphs, but if you’re going to use a graphic it should, you know, actually add something to your report.