We all know not to fall for the e-mail from the Nigerian prince with the $2 million he needs to transfer, but with malware cropping up on legitimate Web sites like the New York Times and CBS, users can never be sure when their computers are susceptible to an attack.
“Ten years ago, it was hackers getting through my firewall,” said Peter Beardmore, senior product marketing manager for Kaspersky Lab, a Woburn, MA-headquartered computer security software company. “Now as we become much more connected … the real issue has become: do you have the protection that addresses the pervasive threats that are out there today?”
The malware landscape does not look good. In a recent security seminar put on by Kaspersky in Markham, ON to launch its new Open Space Security (Release 2) product, a company “security evangelist” stressed that as cybercrime in the U.S. continues to rise (275,000 reports last year compared to 207,000 in 2007) and the estimated losses amount to billions of dollars ($265 billion in 2008), organizations need to take a more proactive role in ensuring that network security is as robust as it can be.
“The main thing is the fact that a lot of malware that’s out there these days is not necessarily being served by malicious Web sites,” said Dennis Fisher, editor of ThreatPost.com and Kaspersky security specialist. “It’s being served on legitimate Web sites that have been compromised and unbeknownst to their owners, are serving malware thru drive-by downloads.”
While the recent phenomenon has caught the attention of the security community, “it’s not necessarily being highlighted much outside of that small echo chamber,” Fisher said.
Other than click-happy home users, it’s SMBs that seem to be the most susceptible to security attacks, according to Fisher. “A lot of smaller businesses just don’t have the resources to devote to security,” he added. “They might have, depending on the size of the business, one or two full-time IT people but they almost certainly don’t have a dedicated security person.”
