IT under siege: The security arms race

The security arms race is escalating to unprecedented levels and has security professionals more nervous -- and more vigilant -- than ever.

What was once the domain of hacker hobbyists looking for glory and free digital content is now the realm of criminally minded professionals. For years, IT administrators viewed most malware as more of a nuisance than something that could inflict lasting, six- and seven-figure damage.

In years past, malware might leave “greetz” messages to other hackers in their code, set up file-trading sites, or open IM chat channels. Not anymore. Today’s top threats are professionally written programs coded to steal identities and passwords, break into restricted Web sites, conduct corporate espionage, and install spyware. Even after administrators discover and remove these intrusions, it is difficult to assess the extent of the damage or how much confidential information was compromised.

It’s not surprising, then, that when asked for the most serious security challenge their companies will face in the next 12 months, nearly half (49 percent) of the survey respondents in this year’s InfoWorld Security Research Report cited the increased sophistication of Trojans, viruses, worms, and other malicious code flooding the enterprise.

“You’re now looking at the low and slow attack,” observes Nand Mulchandani, vice president of marketing at the security software vendor Determina. The bad guys “don’t want to take a machine down. They want it up and running so it will give up user identities and so on.”

Click for larger view.

Fifty-seven percent of the 474 individuals who responded to our survey in July cited viral attacks as the most dangerous threat to network security, up from 29 percent last year. The respondent companies also reported that each had foiled an average of 368 attacks in the preceding 12 months. An average of 44 attacks, however, successfully breached defenses, and what is getting by is ever more threatening because their mechanisms are much more complex -- even self-evolving.

Mothership Code
In the past, most malicious code was stagnant. When released, it did only what it was programmed to do, exhibiting no deviation from its instructions. Often, malware would announce its presence to the user, as schemes were more about bragging rights than they were about genuine malice. Even the malware that was designed to inflict damage was relatively tame. The ILoveYou virus, for example, deleted files when executed, but only script and graphic files. Moreover, the SQL Slammer worm, which infected almost every Microsoft SQL Sever on the Internet in under 10 minutes, didn’t set out to delete every file on every file server it could touch, nor did it target Microsoft Office files.