Symantec’s semi-annual Internet Security Threat report, released last month, paints a picture of an increasingly threatening Internet. But unlike previous reports, there seems to be little in the way of good news.
In the first half of the year, one in six companies reported a serious security breach, a number that increased to one in two in the second half. August, which will go down in history in malware folklore, had a nasty 12-day period when Blaster, Welchia and SoBig.F infected millions of machines worldwide and caused billions of dollars in damage. The second half of the year also saw a prodigious increase in the number of Win32 viruses and worms — 1,702 released in the second half versus 687 in the first.
Tony Vincent, lead global security architect with Symantec Corp., said some of the dramatic increase seen in reported security breaches could be due to one bad month. “In the front half of the year we didn’t have the big gang of three that we had in August,” he said. “That was very much a new thing.” Regardless, Vincent said there is also some concern with what he called the “shrinking time to market” — Blaster was released only 26 days after the vulnerability became public — and the trend of malware writers to simply use backdoors left by other worms, viruses or vulnerability exploits.
None of this news really surprised David Klein, network analyst with the Toronto Catholic School Board. “I guess I’d have to say that a lot more of my time (was) taken actually keeping on top of it, and verifying that our systems (were) fully protected,” he said. The tail end of the year “definitely” took up “more of my mental bandwidth.”
There was some good news though. The number of reported vulnerabilities plateaued more or less: 2,587 in 2002 versus 2,636 in 2003. While this stabilization could be explained by more secure software, it could also be explained by 2003 having, relatively speaking, fewer software releases.
“Last year, we might have been at a low point in terms of the software release schedule,” said Steve Poelking, a research director with IDC Canada Ltd. in Toronto. The previous year’s increase, when vulnerability numbers went up 81 per cent, could simply have been due to an increase in the number of application releases following the big launches of Windows 2000 and XP, he said.
But Poelking said the news from 2003 was not all bad. “Are we out of the woods? No…[but] I think the products are getting better,” he said. There is also an increase vendor focus on research and development, he said.
“Part of this story is it is still (the responsibility of) companies to have good policies and procedures to deal with this issue,” he said. “It isn’t just a technology solution.”
The statistics for the report came from Symantec Managed Security customers and 20,000 sensors located in more than 180 countries. The report covers July 1 to December 31, 2003.