"The numbers of viruses, worms, Trojans and other, malicious programs aimed at PC users has now surpassed 100,000" according to McAfee (Tuesday, 21 September, 2004).
McAfee, and many other anti-virus firms, are seeing 25-50 new viruses or variants of old ones every day. For example, the current number 1 on Trend Micro’s list of top five security threats is the NetSky.P worm. The variants of NetSky have been prominent in IT and mainstream media for the majority of this year infecting networks through email attachments that, at first, appear to be official documents. NetSky, along with other worms, MyDoom, Sasser and SoBig, racked up an estimated £8 billion in combined damages, worldwide in the last 2 years.
Anti-virus software is becoming more effective to fight the new strains of viruses and worms, but is still a reactive form of defense. Anit-virus software, in some circumstances, is used to resolve damage caused by a virus rather than prevent it in the first place.
Although viruses are one of the most feared IT security threats, there are many other issues organizations must consider in today’s evolutionary technological industries in order to keep their IT infrastructures safe.
The 2003 CSI/FBI Computer Crime & Security Survey results still conclude that over half of known IT security breaches occur from within organisations.
Disgruntled or former employees pose a threat to any business and can gain access to internal systems relatively easily. Confidential company information can be used maliciously by employees either hacking into servers and files or by utilizing hacking tools readily available via the Internet and with a higher concentration of computer literate workers these risks are even more significant.
Even trusted employees can, unwittingly, cause major disruption to organizations. Security breaches that affect the financial bottom line are not just in the form of externally or internally introduced viruses that infiltrate and damage the network. Other factors to contemplate are legal threats and loss of productivity which could bring about consistent financial loss if not identified and addressed.
Peer-to-peer file sharing has become an extremely popular pass-time, especially during company working hours and with audio and video files having unlimited sizes, it is easy to understand the network bandwidth issues that may arise. The requirement to upgrade hardware to compensate for lack of storage or the threat of virus propagation on the network can be costly, as can the loss of productivity whilst engaged in this activity.
Games and animations can also affect user productivity. These can easily be introduced onto the network and distributed between peers as the majority of standard operating system security measures are weak.
Internet access is crucial to most businesses and the security threats that can be introduced by it are notorious. Emerging Internet threats include spyware and adware technologies, which have the ability to install themselves on machines without users’ knowledge. These types of programs can collect and transmit information, such as key-strokes and Web-surfing behavior, but more importantly can reveal passwords and other sensitive information.
Inappropriate content is a controversial and worrying threat to today’s enterprise. Through the Internet or peer-to-peer file-sharing, employees have the ability to download or share pornographic content. Not only can these cause detrimental effects on company reputation, but could leave the organisation liable to legal action. Both scenarios could result in financial losses.