Battling new nasties

Smarter spyware

Camissar said there was a new threat on the horizon - bots. This software can be unknowingly installed on a user's PC and communicate with a command centre.

The command centre has unauthorised control of many bot-infested PCs from a single point, and can be used for launching distributed denial of service (DDoS) attacks, acting as a spam proxy or hosting malicious content and phishing exploits.

Spyware has continued to be a problem within the enterprise during the past 12 months, according to Clearswift managing director, Peter Croft.

A new trend, drive-by spyware, constructs itself, he said.

"Typically, users have to click on a link. The newer versions are constructing on a PC while the user downloads something," Croft said. "Some very smart malware is emerging."

Phishing, meanwhile, has stayed relatively constant in the past year as hackers use new deception techniques to lure Internet users.

Many employees receive phishing attacks via email or instant messaging and the best are highly deceptive.

Phishing gets users to cough up their details. But a good email protection system, or email content security, will look for the phraseology and help guard against the threat.

The loss of intellectual property was also a growing concern that is changing the security landscape, T3 Australia executive director, Cherie Munden, said. The theft of proprietary information was not taken seriously enough.

"There's a misconception in the marketplace about where the threats lie," Munden said. "We need to make people more accountable. Security of information will be the number one issue facing businesses in the next few years."

In a bid to boost security management for corporates, she suggested resellers pitch data encryption, antivirus, firewall protection, monitoring and control, user authentication, access and intrusion detection.

"From small home-based enterprises to large corporates with thousands of employees, increased use of technology and mobility has meant security is paramount," Munden said.

Security issues today include the substantial corporate and personal exposure as well as losses through computer-related crime, laptop theft, unauthorised usage or remote access, data privacy and confidentiality breaches.

Munden said resellers needed to understand the different security concerns in different markets, and help a company deal with the challenges of implementing and managing solutions.

There has been a significant increase in activity that threatens intellectual property, according to Clearswift's Croft.

"The hard part is managing unstructured data," he said. "The info that goes into an ERP system is structured, whereas email or Word documents are unstructured. This can be enormously damaging to an organisation.

"Security is no longer about the commodity approach of stopping spam or viruses. It is about protecting the entire business by, for example, stopping employees from emailing financial information to friends."

These types of threats are forcing many corporates to adjust the way they use existing security products in light of information leakage and the growing need to improve outbound content control.