“In 2005, there were a lot of [malware-driven] attacks going on, but now, a lot of companies feel they’ve done things to mitigate them,” says Rick Blum, director of strategic marketing for BT’s INS services and administrator of the survey… There’s also greater acceptance of risk in many enterprises, and a sense that malicious code isn’t as scary anymore…. “I don’t think people outside the IT security profession realize the influence that profit has had on the development of malware and cyber crime overall,” he says.
“They see that the noise surrounding attacks has died down, and they mistake that as a sign that the threat is easing off… But what’s really happening is that instead of fighting 17-year-old graffiti artists, they’re now fighting sophisticated cat burglars.”
While enterprises’ overall feeling of security against malicious code remains high, there is a greater awareness of internal threats than there was in 2005, according to the study. While 44 percent of respondents said external attacks are their greatest concern, 56 percent said their worries about internal attacks are as great, if not greater” said Doug Drew, senior security consultant at BT.
“We have seen malicious code introduced by internal sources, either as a means of accessing data that the user isn’t authorized to access or in the form of sabotage, such as logic bombs,” says Drew. As deployment of malware becomes more profitable for criminals, many attackers may bribe or blackmail internal employees to help them distribute it from inside, he observes.
Educating users on security policies remains the most significant barrier to improving enterprises’ ability to protect against malware, cited by 56 percent of respondents, according to the study.
http://www.darkreading.com/document.asp?doc_id=151382&WT.svl=news1_5