Business end-users are more concerned with protecting their online privacy than they are about securing their systems against malware attacks.
This is according to David Jacoby, senior security researcher at Kaspersky global research and analysis team.
According to Jacoby, businesses spend too much time focusing on new vulnerabilities and security threats, and fail to protect their systems against older threats and malware attacks.
“If I were a malware writer, I would store malware on a compromised Linux server. This is because we found that not many people run anti-virus software on Linux.”
Jacoby says more needs to be done to change the end-user mindset. “In many cases, the security industry is still falling behind cyber criminals.”
Most security threats can be prevented by simply configuring security functions in the operating system, explains Jacoby.
“Organisations need to make sure that even if their network gets hacked, the attacker will not be able to access the data. Every company network and Web site has vulnerabilities, but if the exploit is successful, information should be difficult to access and extract, and this needs to be managed with configurations.”
He adds that end-users still use weak passwords. “Even if a hacked system doesn't have any business secrets; the stolen passwords can still lead a hacker to exploit another system's and the problem escalates.”
“Even security software potentially has vulnerabilities, so a company needs to have the proper mixture of security in the system - firewalls, as well as time invested in educating business end-users all the way to the management level.”
He adds: “The security vendors and companies offering Internet services need to do more to educate users. Small things such as an e-mail address can be sold on the black market.
“We've seen how more people believe that the most important thing is to protect their Facebook user account, yet they don't even have an anti-virus installed.”
Jacoby predicts this year will see more Web-related attacks and servers being compromised by hackers, which, in turn, will be used to compromise other computers in order to steal information to sell on the black market.
“We will also see many more 'drive-by downloads' this year, where the user just needs to visit the malware-infected Web site to be infected.
Acrobat Reader was the most exploitable application for 2010. He says there will be a resurgence of old Java- and Flash- based exploits becoming more widespread.
Jacoby adds: “Most people use the operating system's configuration default settings. It doesn't matter how many anti-virus solutions are globally sold, without education and awareness around security protection, all our efforts will be fruitless.”
According to Kaspersky, no matter how worthless users' personal data or online accounts may seem, they are a potential goldmine for cyber criminals.
The security company states in its threat report on the value of leaked data, from the close of 2009, the number of malicious programs designed to steal any type of users' personal data has increased by more than 100%.
The number of banking Trojan signatures introduced into Kaspersky Lab's databases exceeded 25 000 in 2010, which is more than five times higher than in 2006.
According to the security vendor, stolen Facebook accounts can cost up to several hundred dollars on the black market.
Share