IBM: Users Are The Weak Link in Security

IT users, you are the weakest link. Goodbye.

IBM is warning in a new report that, though widespread virus outbreaks are
on the decline, on the whole online attacks are expected to rise in 2006.
The culprit? Highly targeted attacks that rely on naïve users to help
perpetrate cybercrimes.

According to IBM’s 2005 Global Business Security Index Report, e-mail-borne
viruses were down sharply in 2005 over 2004. In 2004 6.1 percent of e-mails
contained a virus; in 2005 that declined to only 2.8 percent.

David Mackey, director of security intelligence at IBM, explained that
over the course of 2003 and 2004, there was a relatively steady barrage of
global malware outbreaks. The only significant outbreak in 2005 was Zotob.

“It was surprising that we didn’t continue to see the massive outbreaks
where everybody is hit within a couple of hours,” Mackey told “What we’re seeing is more directed targeted attacks, and
we really think that’s because of the financial motivation and the
underground economy driving those things.”

IBM’s report notes that in 2004 there were a “negligible” number of
targeted email attacks while in 2005, they intercepted two to three targeted
email attacks per week. Phishing was also on the rise from one in every 943
emails in 2004 up to one in every 304 emails in 2005.

Targeted phishing
attacks, something IBM refers to as “Spear Phishing” was also on the rise in
2005, typically as a technique to bait users into opening other forms of

Mackey expects that hackers will change their tactics somewhat and
perform more focused botnet powered attacks in 2006. Botnet
networks are comprised of compromised systems that are under the command of
a central operator.

“Moving forward we’ll see smaller cells of dozens or
hundreds of compromised systems doing a coordinated attack, as opposed to the
thousands or hundreds of thousands we saw in 2005,” Mackey said.

The attacker landscape is also expected to shift in 2006 to further
include unsuspecting users to help hackers execute attacks.

“If I’m looking at an e-mail or a Web site that tells me I need to go and
download some software, it’s very difficult to understand where it’s really
coming from and what action I need to take,” Mackey said.

A recent study from MailFrontier found that only 4 percent of users can spot a phished e-mail 100 percent of the time.

“I think that in 2006 we’re going to continue to see the computer user
being the weak link,” Mackey stated.

There are a number of things that enterprises will need to do to protect
themselves against the weak link. One of those items, according to Mackey, is
identity management, because without it, it is very difficult for enterprises to help
keep track of who has access to what.

Education is also seen as being a key to improving security in 2006.

“As we look at computer users as the weak link, it’s really important
that organizations and employees know about the threats, what to look for
and what their responsibilities are in regards to keeping the enterprise
safe,” Mackey said.

News Around the Web