Latest Microsoft research on trends in cyber crime

Published 24 October 2007

Cyber criminals increasingly target personal information to make a profit and are threatening to impact people’s privacy; key to corporate security: inter-departmental collaboration.

Microsoft released research showing an acceleration in the number of security attacks designed to steal personal information or trick people into providing it through social engineering. The most recent Security Intelligence Report shows that attackers are increasingly targeting personal information to make a profit and are threatening to impact people’s privacy. The report found that during the first half of 2007, 31.6 million phishing scams were detected, an increase of more than 150 percent over the previous six months. The study also shows a 500 percent increase in trojan downloaders and droppers, malicious code used to install files such as trojans, password stealers, keyboard loggers and other malware on users’ systems. Two notable families of trojans detected and removed by the Microsoft Malicious Software Removal Tool are specifically targeted at stealing data and banking information.

Microsoft also released findings from a recent survey of more than 3,600 security, privacy, and marketing executives from different industries in the United States, the United Kingdom, and Germany, including financial services, healthcare, technology, and government. Conducted by the Michigan-based Ponemon Institute, the study found that as security threats increasingly target personal information, more collaboration among security and privacy officers is critical to avoid costly compromises or breaches of personal information. The study for the Microsoft Trustworthy Computing Group, titled “Microsoft Study on Data Protection and Role Collaboration Within Organizations,” found that organizations with poor collaboration were more than twice as likely as organizations with good collaboration to have suffered a data breach in the past two years.

As security threats pose a growing risk to privacy, data protection requires involvement from several groups within an organization that typically have different objectives and responsibilities. The research conducted by the Ponemon Institute showed that where the collaboration between security and privacy functions is good, the risk of a data breach is lower. Seventy-four percent of companies that admitted to poor collaboration said they had experienced one or more significant data breaches in the last two years. In comparison, only 29 percent of companies that claimed to have good collaboration reported one or more breaches in the same period. The research indicates there are tensions within organizations over how data should be managed. Security and privacy professionals see customer data as an asset to protect, while in functions such as marketing, where personal data is collected and used, employees are more likely to see it as a resource to achieve business objectives. Even so, representatives from all three functions agree that the theft or loss of customer data has a potentially damaging impact on brand value and organizational reputation.

Here is an example: One finding in particular from the survey provides evidence that some organizations struggle to align security, privacy, and marketing functions. According to the research, 78 percent of security and privacy executives said they were confident that their marketing colleagues consult them before collecting or using personal information. However, only 30 percent of marketers said they actually do so.