It's clear 2007 was an active year in the security sector. That's euphemistic for saying a lot of bad things happened.
This Dark Reading year-end review posits that there are three types of breaches: lost and stolen mobile devices that are soon forgotten, "hacks and mistakes" that have a moderate impact on the organization, and security breakdowns that make big news because of the cleverness of the hacker and/or the lameness of the security forces protecting the organization.
With that criteria in mind, the blogger lists the Storm botnet as the biggest security issue in 2007. The next two -- the loss of data by TJX and by Her Majesty's Revenue and Customs (HMRC) in the United Kingdom -- made most lists. Collectively, attacks on U.S. government labs such as the Department of Energy's Oak Ridge National Laboratory, the Los Alamos National Laboratory and the Lawrence Livermore National Laboratory were the fourth major security event. The U.S. Department of Energy's Counterintelligence Directorate's loss of 20 computers ranked fifth.
ComputerWorld's take on the worst in security in 2007 starts with TJX. The numbers are staggering: 45.6 million credit cards compromised by an intrusion that went undetected for 18 months. The fumbling of disks by HMRC also was huge: About 25 million records were lost. Other names to remember include TD Ameritrade (6.2 million records compromised) and Monster.com (the records of 1.6 million job seekers).
Security news this year went beyond the number of records lost. Here are some stories that, reported in the ComputerWorld piece, may have run a bit under the radar:
Things were no more sanguine in the eyes of Cisco unit IronPort. The company's vice president of marketing said that malware emerging during 2007 was so complex that it could only be the product of sophisticated research-and-development efforts.
In a striking statistic, IronPort said that during the past 13 months, information on about 60 million people has been exposed on the Internet and that cleanup and lost productivity costs have reached about $20 billion. The piece says spam has increased 100 percent and has moved from selling products to linking to nefarious sites. Viruses are increasing, but are operating under the radar. Finally, the writer says, the duration of attacks is decreasing.
In MessageLabs' look back, it saw a varied year, with spam -- which reached the 84.6 percent level -- still the predominant threat. Even so, about 10 percent of attacks used approaches not seen previously. The release references the Storm botnet and says that targeted attacks, the use of file attachments and malicious links grew. Social-networking sites became a much greater security risk during the year, the company added.
To some extent, companies have responded. Earlier this month Access Markets International (AMI) Partners said that spending on IT and telecom infrastructure and applications rose 16 percent between 2006 and 2007. Small businesses, the piece says, are focusing the security piece of that on antivirus and security services, while mid-size companies emphasized security services and hardware.
Clearly, 2007 was a tough year. Such deep-seated trends don't reverse themselves because the calendar changes. It's a safe bet that hackers will get smarter and make securing the enterprise even tougher in 2008.