Networks face ‘crisis of trust’: Websense


One of the easiest section of a news service to fill the one called “Security.” There’s no shortage of stories about malware taking down an organization’s Web site or stealing sensitive information.

According to Websense Inc.’s annual threat report, issued this week, attacks or organizations are increasing in numbers and sophistication, and that won’t change in 2013.

The report says there’s a “crisis of trust”—that mobile devices can’t be trusted on corporate networks, that users can’t trust IT for protection from attacks, that organizations can’t trust their current defences to protect against emerging attacks.

“The Web became significantly more malicious in 2012,” the report says in part.

Which begs the question: Have we lost the security war?

It’s a difficult question to ask an official of a security vendor – Websense makes Web filtering software – and one that the company’s manager of security research was reluctant to answer yes.

“Security is constantly a cat and mouse game because the Web is really open, so we’re constantly on the lookout for stuff,” said Chris Astacio.

“But to stay we’ve lost the war is difficult to swallow.

“There are always things that can be done to prevent attacks, and that’s by using a layered approach to security. You never expect there’s going to be one silver bullet to and one layer of protection that’s going to cover everything.”

Malicious binary codes change hourly, he pointed out, a pace that antivirus software can’t match. So layers analyze what’s coming into the network, the binaries themselves, and what’s going out.

Among the report’s highlights:

— Malicious URLs increased more than 600 percent over 2011 levels;

–85 per cent of malicious web sites were found on compromised hosts sabotaged by cybercriminals;

— Only 1 in 5 emails sent in 2012 were ‘legitimate’;

— 1 in 10 malicious mobile apps asked for permission to install other apps, something rarely required by legitimate apps;

— 32 per cent of shortened URLs in social media were used to disguise malicious links to other Web sites;

Attackers are getting more sophisticated, using social media to find individuals to target. For example, one victim looking for a used car received an email with an infected document purporting to be from someone with a car to sell;

It’s also common for attackers to send email with malware on weekends or Monday morning, when they figure people have their guards down and are more likely to click on links or open attachments;

Half the 2012 malware that connected to the Internet after infection downloaded additional malicious programs

“Taken together, these indicators made it clear that those who treat mobile threats, email threats, Web threats and other cyberthreats as separate and distinct risks will be left behind,” the report concludes.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now