"Several security threats loom, but a major concern is the increased use of laptops and removable devices coupled with the number of companies affected by reduced IT budgets," said Paul Henry, Lumension security and forensic analyst. "The proliferation of endpoints is a significant security challenge as our research shows network attacks using mobile devices as the entry point into the enterprise network are poised for unprecedented growth this year."
Key Report Findings:
Web-borne malware will continue to thrive: Already in 2009, the industry has witnessed malware-based attacks aimed at social networking sites including Twitter and Facebook. As web-based threats loom, Lumension's look back through history reveals that the threats will continue to build in 2009 until organizations learn to proactively and diligently manage their patching processes. According to Henry, "We need to bring some sanity back to the battle against web-borne malware, the common sense approach of addressing un-patched vulnerabilities needs to take priority over figuring out the next obfuscated delivery method posed by the black hats."
USB device-based data leaks an 'Achilles Heel': Given the increased mobility of the workforce " especially as telecommuting continues to rise due to economic factors " USB devices are abundant in the enterprise. This, coupled with the fact that USB thumb drives tend to be most IT security professionals' "Achilles heel" in terms of their lack of being 100 percent secure such removable media as well as data housed on USBs will continue to be at-risk. This is especially concerning given that a recent Ponemon study, commissioned by Lumension, revealed that 90 percent of IT security practitioners believe portable mobile device usage will increase security risks within their companies in the coming year.
Mitigation tactics need to evolve with botnet tactics: While botnets will continue to change tactics and evolve in ways determined to thwart current popular defenses, Henry points out that the real problem in 2009 is not the botnet threat, but how organizations are mitigating that threat. According to Henry, "Simply put, it [botnets] is a patch management issue " if the machines were patched to the most current software releases available, they would not be compromised in the first place. Until the underlying patch management issue is dealt with, botnets will continue their explosive growth on the public Internet."
Optimal Security Blog Unveiling In tandem with Lumension's Annual Report findings, the company also formally launched its corporate blog " a portal for real-time insight into cybersecurity incidents from lead technical bloggers including Paul Henry, C. Edward Brice, Paul Zimski, and Don Leatham, coupled with high-level trends and insight from Chairman and CEO Pat Clawson. The goal in launching the blog is to provide yet another element to the company's ongoing efforts to be a resource for their customers, partners and the industry at-large that are looking for practical advice, technical expertise and insight into the latest trends in endpoint security.
In addition to ongoing industry-wide commentary, the blog includes regular insight from Pat Clawson in "Clawson's Corner" as well as ongoing podcast recordings and blog entries tied to Patch Tuesday and other big security events from industry pundit Paul Henry in "Security Insights."
"The findings in our annual report reaffirm our stance that a dangerous mix of new threats " both internal and external " is brewing, we view the Optimal Security blog as an invaluable tool for organizations scrambling to stay abreast of the latest threats on the horizon," said Pat Clawson, Lumension Chairman and CEO. "Although everyone is impacted by a slowed economy, the level of new and reenergized malicious attacks hatched each day is a major cause for concern for companies in the coming year. Our hope is that through our ongoing research efforts, coupled with regular communication to end-users via the blog and our endpoint security technical expertise, organizations will be armed with the defense mechanisms needed to win the war against cybercrime in 2009."
For additional insight into the mega trends outlined in this year's survey, please download the full results of the 2009 Annual Report.
About Lumension, Inc.
Lumension, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at www.lumension.com.
Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension. All other trademarks are the property of their respective owners