Symantec recently released its latest biannual Internet Security Threat Report (ISTR), which covered the second half of 2005. The ISTR is an analysis of global Internet security activities and trends compiled every six months that identifies and analyzes attacker methods and preferences.
The report revealed that there has been a marked increase in threats designed to facilitate cyber crime.
While past attacks were designed to destroy data or simply to cause nuisance, today's attacks are increasingly leaning towards the motive of silently gaining a profit without doing noticeable damage that would alert a user to its presence.
According to the report, malicious code threats that could reveal information rose from 74% to 80% from July to December last year.
'Cybercrime represents today's greatest threat to consumers' digital lifestyle and to online businesses in general,' said Al Ramon Dela Cruz, country sales manager of Symantec Philippines.
According to the report, as the rewards get more attractive, attackers continue to improve their methods such that traditional perimeter defenses are no longer enough, especially with the rise in client side attacks and Web application attacks.
Also, the rise in online fraud and the shift towards financial motivation has consequently made the financial services sector the top targeted industry in the second half of 2005, and has taken the place of the education sector.
The Symantec report also showed an increase in phishing messages and malicious code distributed through instant messaging (IM), as well as in mobile devices, especially smart phones.
'Mobile malicious codes still seem insignificant today but we will see a slow growth; there are now small amounts of vulnerabilities being discovered and we will see a gradual increase of vulnerabilities in these systems- servers, desktops, and handheld devices alike,' said Richard Velasco, technical consultant for Symantec Philippines.
Basic security
'Except for large corporations that are already at the gateway of protecting their assets and are investing in vulnerability assessment, we still have very basic security in place in the Philippines,' said Dela Cruz, noting that local organizations usually have a firewall and antivirus software in place.
But while companies are well aware of the security threats, he said users are faced with a common problem of what security tools to buy with limited budgets.
Government agencies, for one, are among the most vulnerable but least protected establishments. 'One concern is that there is no auditing body to audit each and every government office,' said Dela Cruz.
He also stressed the need for well-defined security policies from institutions like the Central Bank of the Philippines for the banking sector or the Commission on Information and Communications Technology (CICT).
He added: 'There's some action we're seeing but there's still a long way to go.'
In the meantime, the Symantec official suggested that local companies begin making an effort to protect assets by having security best practices in place such as employing multiple, overlapping, and mutually supportive defense systems that include the deployment of firewalls, antivirus, intrusion detection on client systems; enforcing a password policy; and educating management on the need to invest on security.