Sophos has released its Security Threat Report: 2010. Following its last report, taken in mid-2009, this report looks at the entire 2009 year in terms of cybercrime and looks ahead to the trends that are emerging for 2010.
As we've seen highlighted in many other reports throughout the year, 2009 was known for the prominence of cybercrime through social media platforms such as Facebook and Twitter. The report indicates that social networks became one of the most significant vectors for data loss and identity theft.
Interesting data from the report:
- Firms reporting spam and malware attacks via social networks was up by 70%
- 72% of firms believe that employees’ behaviour on social networking sites could endanger their business’s security
- Social networking spam, phishing and malware reports all increased over the year. For example, spam reports were up 33% in April and 57% by December
- Legitimate sites compromised to host malware now rival sites specifically set up for malware distribution
- The US continues to lead as the top malware-hosting country (37.4%)
Businesses perceive Facebook and Twitter as the biggest risks to security (of all social networks). This perception is not only due to the highly publicized risks (particularly malware) but also due to the difficulties to control such sites.
Companies find it impractical to blanket block these sites, particularly as their use in corporate communications becomes more widespread. Therefore, methods to watch for data loss via these vectors becomes more difficult. Training takes the forefront in terms of prevention. Does your security policy state what information is safe to share online, and what not? Do you have data monitoring in effect to know where your sensitive data is and who is accessing it?
Download the report here [PDF].