IDC - Web-borne Threats Rise, SaaS Follows
A new report issued by researchers at IDC charts the continued proliferation of Web-based attacks and predicts that hosted security service providers may benefit from the activity.
In a piece that specifically highlights the growth potential of Purewire, a provider of SaaS online malware filtering services, IDC analyst Brian Burke reports that Web attacks are likely only going to get more varied and complex in the future.
As a result, organizations will need to re-assess their defensive mechanisms to protect users from hidden threats lurking on legitimate sites that have been hacked, and other types of online schemes. Burke also highlighted the growing dangers related to social networking sites and other so-called Web 2.0 applications.
"Hackers and cybercriminals are increasingly leveraging the Web to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage," Burke writes. "As a growing number of Web 2.0 applications make their way into the enterprise, they bring with them even more security concerns and attack vectors."
A recent IDC study found that two-thirds of organizations are currently using at least one Web 2.0 application. Roughly 70 percent of all organizations already view Web 2.0 as a serious concern for data loss, the company's latest studies indicate.
"Virus writers and hackers are increasingly leveraging the popularity and complexity of Web 2.0 sites to target the greatest number of users," the expert contends.
Burke said that his firm has concluded that Web-based attacks will continue to become "more frequent, malicious, and sophisticated," challenging the security of confidential information, which has become "the single greatest threat to enterprise security.
More traditional attacks including Trojans, viruses and worms ranked as the second greatest threat to enterprise security, IDC found.
"The practice of hackers planting malicious code on legitimate Web sites is quickly becoming the norm. Hackers and malware developers are aggressively innovating ways to compromise popular Web 2.0 sites and others to install malicious code designed to steal personal and/or business confidential information and is difficult to detect," Burke said.
Spam climbed back to third position on the top threats to enterprise security, according to IDC, with blended threats that combine spam, spyware, viruses, and other malware in their attacks on the rise.
"One of the latest trends in Web-based threats is the use of encryption to hide malicious code and evade detection," Burke writes. "Spyware continues to be both a security and a system management nightmare. Theft of confidential information, loss of productivity, consumption of large amounts of bandwidth, corruption of desktops, and a spike in the number of help desk calls related to spyware are overwhelming many IT departments."
While security SaaS buying has traditionally been focused in the message filtering space, from vendors such as Google's Postini division, companies like Purewire may be able to ride the wave of Web-based attacks into greater market share for their services, Burke predicts.
"As businesses look to simplify security management (no hardware, reduced administration, centralized management and reporting, and so forth), an 'in the cloud' SaaS approach is fast becoming an attractive alternative," the analyst said.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.