
Keyloggers Proliferating...Personnel Continue to Take Bait...Not Surprising Considering Meager InfoSec Awareness Efforts

Okay, this story was widely reported starting Tuesday, "Websense survey says 50 percent rise in keylogger spying at work," but I'm just now getting to it.

"There was a 50 percent increase in the number of companies that reported spyware problems over the last year, according to the annual Websense Web@Work survey, the findings of which were released on Tuesday."

Hmm...yes, very interesting, but not that surprising.

"'In April 2005, there were 77 unique password-stealing applications. In the latest March report, there were 197. Unique Web sites hosting keyloggers in the same time frame have gone up from 260 to 2,157--almost a 10-times growth,'"

I'm not surprised, are you? Just look how quickly other types of malicious code have grown over the years...exponentially. It would be interesting to graph the growth trends in occurrences of the different types of malicious code and overlay them...wouldn't you think other types are still growing just as quickly...or more in some instances?

"The current survey also found that most companies believed that their staff could not distinguish between genuine sites and phishing sites. 'Forty-seven percent of IT decision makers said their employees have clicked on phishing e-mails, and 44 percent believe employees cannot accurately identify phishing sites,' Camissar revealed. 'I am surprised that the results are not showing a larger growth in the number of organizations hit by this kind of threat.'"

Now this does NOT surprise me at all! Just look at the numerous reports about the meager awareness and training budgets organizations have for their information security efforts...E&Y, Deloitte and PWC have all published such surveys recently. Your staff will not know how to distinguish real sites from bogus and/or malicious sites if you do not continuously remind them. So, of course they are continuing to go to these phishing sites.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.