RealTime IT News

IBM: Users Are The Weak Link in Security

IT users, you are the weakest link. Goodbye.

IBM is warning in a new report that, though widespread virus outbreaks are on the decline, on the whole online attacks are expected to rise in 2006. The culprit? Highly targeted attacks that rely on naïve users to help perpetrate cybercrimes.

According to IBM's 2005 Global Business Security Index Report, e-mail-borne viruses were down sharply in 2005 over 2004. In 2004 6.1 percent of e-mails contained a virus; in 2005 that declined to only 2.8 percent.

David Mackey, director of security intelligence at IBM, explained that over the course of 2003 and 2004, there was a relatively steady barrage of global malware outbreaks. The only significant outbreak in 2005 was Zotob.

"It was surprising that we didn't continue to see the massive outbreaks where everybody is hit within a couple of hours," Mackey told internetnews.com. "What we're seeing is more directed targeted attacks, and we really think that's because of the financial motivation and the underground economy driving those things."

IBM's report notes that in 2004 there were a "negligible" number of targeted email attacks while in 2005, they intercepted two to three targeted email attacks per week. Phishing was also on the rise from one in every 943 emails in 2004 up to one in every 304 emails in 2005.

Targeted phishing attacks, something IBM refers to as "Spear Phishing" was also on the rise in 2005, typically as a technique to bait users into opening other forms of malware.

Mackey expects that hackers will change their tactics somewhat and perform more focused botnet powered attacks in 2006. Botnet networks are comprised of compromised systems that are under the command of a central operator.

"Moving forward we'll see smaller cells of dozens or hundreds of compromised systems doing a coordinated attack, as opposed to the thousands or hundreds of thousands we saw in 2005," Mackey said.

The attacker landscape is also expected to shift in 2006 to further include unsuspecting users to help hackers execute attacks.

"If I'm looking at an e-mail or a Web site that tells me I need to go and download some software, it's very difficult to understand where it's really coming from and what action I need to take," Mackey said.

A recent study from MailFrontier found that only 4 percent of users can spot a phished e-mail 100 percent of the time.

"I think that in 2006 we're going to continue to see the computer user being the weak link," Mackey stated.

There are a number of things that enterprises will need to do to protect themselves against the weak link. One of those items, according to Mackey, is identity management, because without it, it is very difficult for enterprises to help keep track of who has access to what.

Education is also seen as being a key to improving security in 2006.

"As we look at computer users as the weak link, it's really important that organizations and employees know about the threats, what to look for and what their responsibilities are in regards to keeping the enterprise safe," Mackey said.