New threats this year

Never has the IT threat landscape changed as quickly as this year, embattling enterprise security managers and end consumers alike. The screws have been tightening on three fronts. Firstly the time window between awareness of new threats and attack is shortening, making it harder to protect networks before damage is done. Secondly new threats have emerged or become significant, notably the combined effects of spam and spyware/adware. Thirdly devices previously impervious to attack are becoming vulnerable and here we are talking in particular about mobile telephony devices and voice over IP (VOIP) phones. These diverse threats have one common property – they waste time and therefore cost money. In some cases they simply cause computers to go slow by consuming memory or CPU, but even this can impose an enormous cost on a large enterprise. In other cases they cost money by exercising IT security staff, as has been well documented now in the case of spam. One enterprise monitored its anti-spam campaign over the first six months of 2004 and found that filtering techniques were only partially successful and became less so over time as spamsters found more sophisticated ways of circumventing them. The battle was ongoing, time consuming and expensive. The point is that however successful a defence is in disabling threats before they cause damage, the battle is lost if the process proves too expensive.