Microsoft released its latest Security Intelligence Report this week, and Symantec released its Internet Security Threat Report earlier this month. Both reports examine the changing security landscape, drawing on past data and pointing to future trends.
Microsoft’s twice-yearly report, based on data from more than 450 million Windows users and from Internet services, looks at the changing threat landscape including software vulnerability disclosures and exploits, malware and other trends in security. The latest report, Volume 4, was expanded to include a focus on privacy and breach notifications and on cyber crime.
The report indicates that the total number of vulnerabilities in 2007 was down by 5%, though overall there were more high severity vulnerabilities in 2007 than in 2006. About a third of all security vulnerabilities had publicly available exploit code, a percentage that held from 2006 to 2007.
Exploits, malware and hacking accounted for less than 23% of all security breach notifications from 2000 – 2007, and accounted for 13% of notifications in the second half of 2007. The cause of most data breaches was, and is, lost and stolen equipment. 57% of the security breaches publicly disclosed in the second half of 2007 were the result of lost or stolen equipment.
As the graph indicates, while hacking has been going down over the past few years, security incidents resulting from stolen equipment have been on the rise.
Malware removed by the Microsoft Malicious Software Removal Tool increased over 40% during the second half of 2007. Malware has increased in absolute numbers and in the rate of increase over the past few years. Trojans, for example, went up 300% in the second half of 2007. Rogue security software continues to increase, and individuals and businesses alike should be aware of these malicious programs.
These findings come on the heels of the most recent Symantec Internet Security Threat Report. The thirteenth version of the report indicates that the US accounted for 31% of all malicious activity, a percentage up from the first half of 2007.
In terms of data breaches, the education sector accounted for 24% of all data breaches that could lead to identity theft in the second half of 2007, the most of all sectors. That said, the government was responsible for breaching 60% of the total identities exposed. As with the Microsoft report, 57% of these breaches were the result of the loss or theft of computer equipment.
Download both reports at these links:
- Symantec Internet Security Threat Report Volume XIII: April, 2008 [PDF]
- Microsoft Security Intelligence Report (July – December 2007)
Via security focus