SECURITY

W I N T E R2 0 0 7

SO U R CE

From the Gateway to the Desktop: Keeping the Network Secure

I N S I D E S O U R C E
4 Keeping Messaging Secure
Most viruses enter the gateway via email, making any network a target for malicious attacks.

From spyware to phishing attacks, security threats are growing more virulent as the promise of big payoffs increase. These days, keeping your network secure is more of a challenge than ever before.

5 Securing the Mobile Workforce

More businesses are adopting notebooks over desktops, posing new challenges to network security.

7 New Attacks on the Rise

The SANS Institute offers its predictions on what security concerns to watch out for in the near future.

8 Spyware: A Big Threat to Your Business

Your company could be vulnerable to a spate of increasing attacks. Find out how the biggest threats could affect your business.

hen savvy hackers create viruses that rake in millionswithout getting caughtit presents a huge incentive for others to join their ranks. As the criminal element continues to find cyber attacks more and more lucrative, tailored and targeted attacks are on the rise. Its no longer the bored hacker looking for glory, the goal today is really about making money. With highly motivated people and big paychecks on the line viruses and spyware attacks are growing more sophisticated and causing immeasurable damage to businesses nationwide. Although viruses and other malicious code still top the charts as the biggest threats to enterprise networks, spyware
S E E C O V E R S T O RY PA G E 2

SECURITY

SO U R CE
C O V E R S T O RY F R O M PA G E 1

With pharming attacks, users can unknowingly give up personal information even if theyre typing in their banks official URL.

now ranks right up there according to IDCs estimates. An FBI Computer Crime Survey, conducted in 2005, found that 79 percent of companies had been affected by spyware and almost 84 percent had been affected by a virus attack at least one time within the last 12 months. Most of the companies surveyed were using anti-virus software and were protected by a firewall. So theres no guarantee that the old line of defense will keep your network secure. For example, with pharming attacks, users can unknowingly give up personal information even if theyre typing in their banks official URL. It might look like your banks site, but in fact, that DNS servers route has been poisoned and its now pointing to a rogue site. In these cases, once you type in your user name and password, it gets logged into a rogue collection server, which actually logs you in to your bank behind the scenes. Other, newer threats include drive by downloads, such as when you go to a web site and something automatically downloads on to your computer without you asking for it or without you knowing it. Regardless of the intent, however, the attacks are more successful because theyre coming in disguised as legitimate traffic. And as attackers go out of their way to collect personal information, when they send out their threats, they often arent ignored. Some go so far as using social engineering tactics such as simply calling the receptionist and asking some questions and incorporating that information into the attack so the recipients wont be suspicious. If it looks like its coming from someone within your own company, its often not considered suspicious. In addition, more companies are experiencing human error as a threat to their networks (see Whos Minding the Network). Even more disturbing are the aftereffects of an attack. According to a 2006 study of 500 North American IT professionals published by Ponemon Institute, some 47 percent of respondents indicated that their companies are incapable of removing spyware from their networks once attacked, with 35 percent stating that their employers cannot prevent many spyware infections in the first place. Spyware typically hides inside computer systems in order to track users Internet habits and provide data to advertisers. Its also being used to collect personal data for subsequent identity theft. But even with spyware detection systems in place, many companies are still vulnerable. The option of simply shutting down the network to attacks doesnt make sense, however. As more attacks look like legitimate traffic, you risk shutting down email and other network traffic required to keep your business moving. (See Keeping Messaging Secure, page 4.) So its key to understand the difference between the good traffic and the bad traffic.
S E E C O V E R S T O RY PA G E 3

Whos Minding the Network?

Research firm the Ponemon Institute (www.ponemon.org) recently published a study showing that IT security professionals believe poor leadership at the executive level, coupled with a lack of accountability, is a major contributor to the breakdown in corporate data integrity. For the study, National Survey on Managing the Insider Threats, Ponemon surveyed more than 450 U.S.-based IT security professionals and points to resource and leadership failures as a primary cause of employee complacency, negligence, and malicious behavior resulting in both intentional and inadvertent compromise of business and personal information. Of those surveyed, more than 78 percent reported one or more unreported insider-related security breach within their company. Respondents ranked the top three threats to data integrity as missed or failed security patches on critical applications, accidental or malicious insider misuse of sensitive or confidential data, as well as virus, malware, and spyware infections. In addition, 93 percent of respondents attributed lack of resources and 81 percent cited lack of accountability as two primary contributing factors to poor data security. The study examines experienced IT security professionals opinions related to the causes, response, and solutions to the insider threat to data integrity. Insider threat is defined as the misuse or destruction of sensitive or confidential information, as well as IT infrastructure that houses this data by employees, contractors, and others with access to sensitive or confidential information. The survey states that the average annual cost of insider data breaches runs about $3.4 million. It also concludes that spending on technologies and programs aimed at addressing the insider threat seemed insufficient.

W I N T E R2 0 0 7

SECURITY

SO U R CE
C O V E R S T O RY F R O M PA G E 2

Threats to Enterprise Security

TROJANS, VIRUSES, WORMS AND OTHER MALICIOUS CODE

Multiple Threats Require Multiple Solutions

Today, the nature of security is that you cant just do one thing. Most companies are looking at increasing the types of authentication mechanisms theyre using by deploying more secure access secure socket layer (SSL) VPN, network access control, and unified threat management (UTM) appliances as a way of ensuring that employees and those who are gaining access dont bring unwanted things into the environment. There are several security issues that have to be addressed, it cant just be one solution anymore. One of the biggest trends is the notion that security now involves letting the good stuff in and keeping the bad stuff out. For example, employees or contractors can send confidential data such as customer financial records, price lists, social security numbers, sales forecasts, and engineering specs, and the business impact can be huge. One way to combat this is by adding more content filtering technology to gateway products so that messages and attachments can be scanned and possibly blocked as they are sent out. Many IT professionals are using a multi-layer approach that combines both a software solution to secure the individual PC nodes, and then a gateway security device to secure the gateway. Often this means deploying hardware and software from multiple vendors. This can offer further protection since companies wont be relying on just one vendor for all updates. You might have to give up some management capabilities but in the long run, your network is better protected. But even deploying a firewall at the gateway isnt necessarily going to protect your entire network. Most firewalls today consist of a stateful packet inspection device that looks only at Ethernet headers and makes layer two, three, and four decisions based on who the packet is coming from who its going to and what service type it is. These systems dont scan content and dont have application awareness. Therefore, intrusion prevention capabilities are recommended to ensure application level security and protect web servers, email servers, and databases. Intrusion prevention also protects against threats carried by new custom applications such as Instant Messaging and peer-to-peer applications such as Gnutella and Limewire. Many security solutions that have worked in the past depend on knowing what the attack is before it comes. For instance, with anti-virus software, an anti-virus vendor has to know about a virus so it can make a signature that matches what the virus looks like. The software then recognizes the virus and stops it as it goes by. Newer firewalls are being developed to circumvent attacks that no one has seen before. Rather than trying to recognize whats wrong the security proxies will enforce whats right, offering a more proactive approach to security.

SPYWARE

SPAM

HACKERS

EMPLOYEE ERROR (UNINTENTIONAL)

APPLICATION VULNERABILITIES

WIRELESS LANS

DEPLOYMENT OF NEW TECHNOLOGIES

CYBERTERRORISM

SABOTAGE BY CURRENT EMPLOYEES OR BUSINESS PARTNERS

CASUAL INTRUDERS

MOBILE DEVICES

SABOTAGE BY FORMER EMPLOYEES OR BUSINESS PARTNERS

BUSINESS PARTNER ERROR (UNINTENTIONAL)

COMPETITOR ESPIONAGE

INABILITY TO MEET GOVERNMENT REGULATORY MANDATES

From the Gateway to the Desktop

4 5

SCORES ARE BASED ON A SCALE FROM 1 TO 5: 1=NO THREAT 5= SIGNIFICANT THREAT N=435

But since there are ways to infect a network by getting around the gateway devices, desktop protection is also essential. Personal firewalls can prevent outside threats from coming in through the front door via a users laptopa growing concern as more users take laptops home or with them when they travel. A VPN gateway device can also help to prevent infections that users bring in from the outside. If a virus gets around the perimeter on a traveling laptop, its stopped at the individual computer so it cannot spread. Anti-spyware and anti-virus software are highly recommended both at the gateway and at the desktop. A firewall will never look at an individual laptops memory,
S E E C O V E R S T O RY PA G E 4

Source: IDCs Enterprise Security Survey, 2005

W I N T E R2 0 0 7

SECURITY

SO U R CE

Keeping Messaging Secure

Most network viruses enter the gateway via email, so keeping the gateway safe and open to legitimate traffic is getting more challenging.
network through email according to a report by Osterman Research. Why? The vulnerabilities of email offer multiple entry points for attacks. Once a user opens a document or forwards an infected message, the virus can spread like wildfire. While the threat is not new and the solutions sound somewhat familiar, whats critical is creating a system that can combat the multiple threats that continue to proliferate. The most serious messaging and security problems faced by organizations, according to Osterman Research, include growth in email storage requirements, inadequate email archiving, employees sending confidential data via email or Instant Messaging (IM), and employees sending and receiving inappropriate content. While viruses used to spread slowly and quietly so that no one would notice, the current crop of viruses are trying to spread as quickly as they can. In the spreading
S E E E M A I L S E C U R I T Y PA G E 6

Iorganziations have had a virus, worm or Trojan horse successfully infiltrate their

ts no secret that the majority of viruses are spread by email. Some 84 percent of

C O V E R S T O RY F R O M PA G E 3

cookies, or system registries, so you also need spyware technology on the gateway. Gateway security not only acts as a first line of defense to catch drive-by installs, embedded installs and browser exploits, but it is also the mandatory last line of defense for computers that are infected, and are attempting to communicate with a rogue collection server outside the network. In most cases the gateway device can detect the attempted communications, and stop them before any damage is done.

Unified Threat Management

Another option comes in the form of unified threat management (UTM) systems that offer companies higher levels of security within the network and at the perimeter. UTM is defined by IDC as a security device that provides broad network protection by combining firewalling, anti-virus, and intrusion detection and prevention on a single hardware platform. UTM and intrusion detection and prevention offer additional security features that can solve a number of different security problems. Current UTM devices pick from a menu of more than a dozen options including network firewalls, application and XML firewalls, site-to-site and remote access VPNs, anti-virus, antispyware, anti-spam, and anti-phishing, bandwidth management, intrusion prevention and detection, application control, content filtering, and web proxy. The advantages include improved performance and reduced complexity as well as simplifying management. By consolidating multiple appliance products with one intrusion prevention package, companies get the same level of protection with the same device, which can help reduce costs and management issues. These UTMs can be used in addition to an existing firewall, offering complementary protection, depending on requirements.
W I N T E R2 0 0 7

UTMs are a response to the complete change in the security space. Small to medium size companies (25 to 500 users) often dont have IT expertise so its important that the technology involved isnt too expensive or complicated. Organizations that want to have the maximum amount of security while reducing total cost of ownership can turn to UTM devices. From a configuration, implementation, and management perspective, UTMs not only address the perimeter but also the issues that crop up in the network itself. There are different ways for viruses to come in other than just at the gateway. For example, if someone comes in with a USB drive or laptop from the outside, it could spread viruses internally. Its not just about perimeter security but internal network security as well. The best solutions are a combination of software and hardware that offer perimeter security and constantly keep the appliance updated. Some devices try to do everything at the gateway, which is processor intensive and will compromise speed coming across the firewall. Its better to use the power of processors on the individual PCs and set up rules on the client side, and not leave it all up to the firewall to do all the heavy lifting. How do you know what youre getting when you purchase a firewall or UTM? Most firewalls are certified with ICSA Labs, a third-party certification body that develops programs in response to industry and end-user needs and works with vendors to develop testing criteria and standards that end users can test products against. All products need to meet a certain criteria annually to remain certified. The standards evolve as well and require that vendors have the provisions to stop the latest threats. ICSA defines UTMs as appliances that include a firewall, antivirus, an intrusion protection system, content filtering, and some VPN element. I

SECURITY

SO U R CE

Securing the Mobile Workforce

Ihave a mobile workforce. Gartner (www.gartner.com) predicts that by 2007 more
f you have employees working from home or traveling most of the time, you than two thirds of workers will use mobile and wireless computing. In addition, a 2006 survey by Osterman Research (www.ostermanresearch.com) found that 98 percent of 114 respondents say their organizations allow remote access to their corporate networks. Beyond managing the day-to-day aspects of supporting multiple users in multiple locations, IT professionals are faced with the challenge of keeping networks secure from the various threats that can simply walk in the front door. In addition, with remote and mobile users toggling between on-net and off-net connections to untrusted networks, endpoint devices may be exposed to viruses, malware, and hackers who might be using that as a way to piggyback onto corporate networks. The rapid proliferation of municipal Wi-Fi projectsturning entire cities into hotspotsbrings the threats of phishing, and bridging, requiring laptop users to protect themselves both outside and inside the office. Some companies are turning to a no wireless policy or adding an IPS solution to protect their WLAN, but its important to know all the options before setting your mobile workforce strategy. In a virtual network environment, client endpoint devices are no longer stationary, so the IT group faces the multi-layered challenges of securing sensitive data stored on the remote device, ensuring that the endpoint device accessing the corporate network is legitimately authorized to connect, protecting the device from malicious code and other threats, and protecting data in transit against eavesdropping or data theft.

Security Measures Implemented

BAN USE OF PORTABLE MEDIA DEVICES: 15%

RE-DIRECTED HEADCOUNT TO ENFORCE POLICIES: 17%

USE OF MANAGEMENT SOFTWARE: 20%

A key first step is creatingand subsequently enforcingsecurity policies. According to the Osterman survey, 64 percent of respondents have implemented specific policies and procedures instructing employees on how to avoid a sensitive data breach. In addition, over 90 percent of those surveyed indicated that they rely on their employees to take specific actions to help comply with policies. But developing a policy may not be enough to ensure network security. Greater than 80 percent of respondents in the Osterman survey indicated that their organizations do more than develop policy. And, 88 percent stated that they used technology to automatically encrypt data on portable devices. Establishing user authentication procedures is another key aspect of any mobile security strategy. Users, devices, and networks should be authenticated. When a user logs into a remote access device, for example, a user ID and password help authenticate that the user is the appropriate individual to be using that computer. For even stronger security, two-factor authentication can also be used. User authentication requires the use of a VPN service and your enterprises backend authentication, authorization, and accounting infrastructure. The server side of the endpoint security scanning functions on the device, which can be run in an appliance, as router-based software, or as server software. It first checks the device for infection, then that it complies with all required OS and application software versions, then that it isnt running any programs disallowed by your organizations policy. If the device doesnt comply, access will be blocked or the connection can be rerouted to a URL so that patches can be applied. As remote access connections become more integral to mainstream business operations, its crucial to have a solid strategy in place to keep the network secure from possible attack. Successful endpoint security measures involve remote client software with a bundle of security functions that filter out access attempts from intruders and malicious code. I 5

PORTABLE DEVICE DATA AUDIT: 26%

LIMITED TELE-WORKING 26%

INCREASED HEADCOUNT TO ENFORCE POLICIES 26%

USER TRAINING SESSIONS: 61%

STRONGER AUTHENTICATION FOR REMOTE ACCESS: 65%

Percentage of respondents who indicated their organizations implement various measures to enforce policies. Respondents were asked to check all that apply.

Source: Entrust 2006 Mobile Workforce Security Survey and Osterman Research

W I N T E R2 0 0 7

SECURITY

SO U R CE
E M A I L S E C U R I T Y F R O M PA G E 4

theyre clogging up email queues causing network traffic flow problems and adding to the damage well beyond what the virus itself was coded to do. And, with threats coming in that have higher volume, intensity, and maliciousness, most companies are finding it difficult to keep up with the attacks. Since email is such an open architecture, its vulnerable to all sorts of attacks. Its difficult to protect because by its nature, and the nature of most businesses, it has to remain open. One of the biggest

Name That Virus

There are a lot of terms flying around out there, some are defined by what they do and others are defined by how they behave. Some do both. Heres a list of the most common and what they really mean. Adware: Advertising-supported software is any computer program or software package in which advertisements or other marketing material are included with or automatically loaded by the software and displayed or played back after installation or in which information about the computer or its users activities is uploaded automatically when the user has not requested it. These applications often present banner ads in pop-up windows or through a bar that appears on a computer screen. BotNet: A botnet refers to a type of bot running on an IRC (internet relay chat) network that has been created with a trojan. When an infected computer is on the Internet the bot can then start up an IRC client and connect to an IRC server.

Malware: Malicious software is any software program developed for the purpose of causing harm to a computer system, similar to a virus or trojan horse. Malware can be classified based on how it is executed, how it spreads, and/or what it does. Phishing: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers that the legitimate organization already has. Spyware: Spyware surreptitiously monitors your computer and Internet use, while adware can bombard your PC with unwanted advertising. Both pose a drain on your bandwidth and can lead to loss of security. Trojan: A Trojan is a program that appears to be legitimate, but in fact does something malicious. Trojans are often used to gain backdoor accessremote, surreptitious access, to a users system. Trojans do not replicate as viruses do, nor make copies of themselves as worms do. Virus: A virus is a program designed to replicate. Generally, spread is accomplished by infecting other files. Worm: A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computers resources and possibly shutting the system down. Zombie: A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.

Zombies pack a double whammy, not only infecting the system, but also damaging a companys reputation.
trends within the threats are zombies when corporate systems are taken over by a virus that enters the systems and desktops become spammers for someone on the outside. Zombies pack a double whammy, not only infecting the system, but also damaging a companys reputation. The spamming that results can be traced to the computers sending it and the organization can, in turn, be blacklisted by ISPs blocking future emails and general use. An increase in blended threatsspam email that may have a virus attached to it, but may also link to a phishing site thats set up to take personal informationhave become so much more than a virus or a worm. Combatting blended threats is driving the messaging security market, according to Osterman Research. Because of the growth in the variety and severity of threats, many organizations are moving beyond first generation antivirus and anti-spam software, replacing these with email content filtering and/or email encryption devices.
S E E E M A I L S E C U R I T Y PA G E 7

W I N T E R2 0 0 7

SECURITY

SO U R CE
E M A I L S E C U R I T Y F R O M PA G E 6

New Attacks on the Rise

The SANS Institute (www.sans.org) offers the following security concerns to watch out for in the near future. Watch for more targeted attacks, particularly against government agencies. The Washington Post, Time magazine, and Government Computer News have all reported attacks on U.S. government computer systems by cyberspies, possibly supported by China. SANS believes that other antagonistic nations and terrorist groups, aware of the vulnerabilities, will radically expand the number of attacks. Military contractors and businesses are also expected to be targets. Worms are expected to infect at least 100,000 cell phones by jumping from phone to phone over wireless networks. Hackers will try to make money by installing adware on phones, which now have richer operating systems that support more features. Voice over IP (VoIP) systems are also vulnerable: SANS says VOIP technology was deployed hastily without fully _understanding security._PDA smart phones are another potential target. According to SANS these will be targets of thieves, both for the value of their content and the hardware which can be resold. With so many ways to make money, SANS predicts the growth of spyware worldwide development and distribution centers. Zero-day vulnerabilities will increase and infect thousands of PCs worldwide. Researchers often exploit the vulnerabilities they discover and then sell them, SANS says. New zero-day exploits of Microsoft software have been reported recently. And BOTs, which will come bundled with rootkits that conceal their presence and make it almost impossible to remove them from a PC without reinstalling the operating system are on the rise. Network Access Control will become more common and more sophisticated. Weary of trying to defend laptop computers, security managers will start testing computers that try to connect to their internal networks. Tests will grow more sophisticated, from todays simple configuration checks and virus signature validation to deeper analysis searching for traces of malicious code, according to SANS. In response to all the new data breaches, laptop encryption will be mandatory at many companies and government agencies and will come preinstalled on new equipment. (See Securing the Mobile Workforce, page 5.) Congress and state governments will pass more legislation to protect against theft and misuse of customer information. (Currently there are 36 state laws regulating data breaches and around 85 bills in Congress.) If Congress waters down the state laws, state legislatures and attorneys general will find harsher ways to penalize organizations that lose sensitive personal information, SANS predicts.

Research firm In-Stat reports that the email security market is predicted to reach $3.7 million by 2009. According to a decision-maker survey conducted by In-Stat, companies are looking for email security products that combine multiple security and management functions. While appliances are expected to overtake software as the preferred delivery model for email security, many decision-makers surveyed were undecided about the platform for near-term purchases. Yet 66 percent of decisionmakers surveyed plan to purchase email security products within the next two years. Not surprisingly, viruses and spam continue to be the top email security concerns.

Long-term Protection
As recommended with network security issues, a multilayered approach to protect email servers is often best. And because some vendors react more quickly than others at getting signatures out to clients, a multiple layered approach from multiple vendors is even better protection. The reason being is that the efficacy of traditional anti-virus products comes from being able to match attachments of incoming email to known virus signatures. What that means is that the virus vendors will have to publish updates whenever a new virus is found. In addition, multiple vendors products act as two different scanners, two different products looking at the traffic, one may catch something that the other missed. It takes away from the one point of report and management, but it also adds to the security of your system. Theres also a range of techniques for anti-spam. Its best to have one good anti-spam product that uses all the best techniques including blacklisting, Bayesian filters, signature-based scanning, and Heuristics scanning in a cocktail approach. Leading anti-spam products look at a message as its coming in and look at elements of it, not just the message, but also how its being sent to try and guess whether its spam or not, if its obviously spam, it will
S E E E M A I L S E C U R I T Y PA G E 8

W I N T E R2 0 0 7

SECURITY

SO U R CE

Spyware: A Big Threat to Your Business

Spyware Nearly as Widespread as Viruses
PORNOGRAPHY (CHILD): 2.6%

Ibe vulnerable to a spate of increasing attacks and perhaps even be exposed to

f your company does not have effective spyware and adware protection, you could extensive security, privacy, legal, and productivity risks. According to a Sophos Labs (www.sophos.com), the number of keylogging Trojans tripled in the first six months of 2005. IDC estimates that more than 75 percent of all corporate machines are infected with various forms of spyware. As shown in the chart (left), a 2005 FBI computer crime study found that over 79 percent of companies surveyed had been affected by spyware and almost 84 percent had been affected by a virus attack at least one time within the year. Of those companies surveyed, 89.2 percent were protected by anti-virus software and 90.7 percent were protected by a firewall. I

WEBSITE DEFACEMENT: 2.7%

WIRELESS NETWORK MISUSE: 2.9%

UNAUTHORIZED ACCESS TO INTELLECTUAL PROPERTY OR PROPRIETARY INFORMATION: 3.9%

TELECOM FRAUD: 5.3%

E M A I L S E C U R I T Y F R O M PA G E 7

FINANCIAL FRAUD: 8.4%

reject it. If its not sure, then it will pass it through to another stage that will look at the contents of the messageusing techniques like Bayesian categorization, which checks whether the content is similar to messages that spammers normally send or whether it looks legitimate. Whatever approach, most experts agree that its best to stop spam at the SMTP gateway. Protecting the mail server itself allows real-time scanning to detect incoming viruses as well as detecting viruses internally to make sure that users are not sending viruses around to one another within the network. Its also possible to block malicious incoming emails by certain file types. Many use the same file formats, which are not generally found in normal messages, such as .pif and .vdf and other types of file extensions. Most virus tools allow you to block by the top extension types used by mass mailers. That way you can stop potential attacks. Many products mainly defend the network from the perimeter to the desktop, but that may not be enough. Since laptops are outselling desktops and theyre mobile by nature, you can actually hand carry a threat right around your original perimeter. Where it used to be the outer edge of your network or gateway, threats can come in from either end or in the middle. Its best to consider measures to defend the network so that if one segment becomes infected, it has little chance of infecting other parts of the network. In some cases, splitting a single critical department into different segments, for example, emergency services, could help prevent a widespread attack. A 911 department not only should be segmented from the rest of the network but should be segmented within itself into multiple divisions, so that if any one portion of it should become infected by a virus or other attack the spread would be limited to that one area. One of the least addressed aspects of email security is education. Spammers and virus writers often use social engineering tactics to dupe unwary users, so educating them about what to watch out for can help to mitigate risk. It wont provide 100 percent protection against new threats, but it can be a vital part of any security policy. The more people are aware of the dangers and pitfalls, the fewer incidents youll have of inadvertent outbreaks or infections. I 8
SourceWorks Media Catherine LaCroix, Editor Laura Stoll, Designer

NO RISKS ENCOUNTERED: 13.4%

NETWORK INTRUSION: 14.2%

DENIAL OF SERVICE (DoS): 14.5%

INSIDER ABUSE OF COMPUTER (PIRATED SOFTWARE/MUSIC): 15.0%

LAPTOP/DESKTOP/PDA THEFT: 15.5%

PORNOGRAPHY (ADULT): 22.4%

SABOTAGE OF DATA NETWORK: 22.7%

PORT SCANS: 32.9%

SPYWARE: 79.5%

VIRUSES/WORMS/TROJANS: 83.7%

Source: 2005 FBI Computer Crime Survey

W I N T E R2 0 0 7