27 April 2010

Internet Security Threat Report

Last week, Symantec published its latest Internet Security Threat Report.

Partial image of the cover from Symantec's report 'Global Internet Security Threat Report, Volume XV, April 2010 - Trends for 2009'

The 95-page report describes Symantec's methodology, findings and recommendations about internet security threats to businesses and individuals. It describes the possible financial and other losses, such as damage to reputation and data theft. There is a strong focus on protecting confidentiality, and less on how internet threats affect the integrity of data and the availability of information systems and business processes.

The two chapters on Vulnerabilities and Malicious Code Trends highlight the importance, within the malware ecosystem, of publicly accessible services (web, mail and FTP) and of vulnerabilities in web browsers and web browser plugins, and provide recommendations for protecting these servers. The top Web-based attack in 2009 was associated with malicious PDF activity, which accounted for 49 percent of the total.

The chapter on Phishing, Underground Economy Servers, and Spam Trends provides good insight into how your users may be targeted by third parties hoping to lure them into visiting other web sites. The report makes the important point that "the use of brand(s) in phishing activity can significantly undermine consumer confidence in its reputation". The financial sector continues to be the primary target for phishing attacks, but all types of organisation can be targeted.

Appendix A describes some best practices that businesses (enterprises) and consumers should follow to reduce the risk from internet threats. Many of these relate to using electronic mail and browsing web sites. The recommendations that are slightly more related to web applications include: employ defense-in-depth strategies; administrators should limit privileges on systems for users; turn off and remove services that are not needed for normal company network operations; test security regularly to ensure that adequate controls are in place; educate management on security budgeting needs; administrators should update antivirus definitions regularly; always keep patch levels up to date; enforce an effective password policy; and ensure that emergency response procedures are in place.

A shorter executive summary of the report is also available.

Posted on: 27 April 2010 at 09:15 hrs

© 2010-2012 clerkendweller.com