Keyloggers Proliferating…Personnel Continue to Take Bait…Not Surprising Considering Meager InfoSec Awareness Efforts

Okay, this story was widely reported starting Tuesday, "Websense survey says 50 percent rise in keylogger spying at work," but I’m just now getting to it.

"There was a 50 percent increase in the number of companies that reported spyware problems over the last year, according to the annual Websense Web@Work survey, the findings of which were released on Tuesday."

Hmm…yes, very interesting, but not that surprising.

""In April 2005, there were 77 unique password-stealing applications. In the latest March report, there were 197. Unique Web sites hosting keyloggers in the same time frame have gone up from 260 to 2,157–almost a 10-times growth,""

I’m not surprised, are you?  Just look how quickly other types of malicious code have grown over the years…exponentially.  It would be interesting to graph the occurrences growth trends of the different types of malicious code and overlay them…wouldn’t you think other types are still growing just as quickly…or more in some instances?

"The current survey also found that most companies believed that their staff could not distinguish between genuine sites and phishing sites. "Forty-seven percent of IT decision makers said their employees have clicked on phishing e-mails, and 44 percent believe employees cannot accurately identify phishing sites," Camissar revealed. "I am surprised that the results are not showing a larger growth in the number of organizations hit by this kind of threat.""

Now this does NOT surprise me at all!  Just look at the numerous reports about the meager awareness and training budgets organizations have for their information security efforts…E&Y, Deloitte and PWC have all published such surveys recently.  Your staff will not know how to distinguish real sites from bogus and/or malicious sites if you do not continuously remind them.  So, of course they are continuing to go these phishing sites.

Technorati Tags







Leave a Reply