Last year saw another staggering rise in malicious software, with more than 1.6 million new threats created, according to the latest Internet Security Threat Report from Symantec.
The security specialist’s 2008 study found malware grew more than 200 per cent from 2007, while botnet activity rose by 47 per cent.
Trojans were the most common form of malware, accounting for 66 per cent of the top 50 potential infections in Europe, as criminals seek to steal financial and other data to sell.
Symantec chief scientist Guy Bunker said that although most companies are well protected at desktop or laptop level, they must be educated about the risks posed by smartphones, which are used increasingly to access back-end systems.
“Companies need to upgrade their security policies and applications to ensure smartphones are adequately covered,” he said.
Bunker also said that USB devices would be used more over the next year, while the rollout of high-speed fibre-optic broadband to homes could attract more bot herders looking to compromise UK PCs.
But Bunker said the industry had reached a “tipping point” in the way that malware is detected.
“There has been a huge increase in the amount of malware, but when it is built from the same building blocks it makes things slightly simpler and easier to catch,” he said.
Browser plug-ins and vulnerabilities in web applications are among the biggest risks for firms, according to Jay Abbott, threat and vulnerability leader at consultancy PricewaterhouseCoopers.
“I am constantly asked by clients to test their web applications because this is where the majority of vulnerabilities are at the moment,” he said.
Threat levels remain high because of the democratisation of malware tools, which are sold online at ever-lower prices, and the fast-mutating nature of many viruses, said Ovum analyst Graham Titterington.
But he said IT systems and applications are being increasingly engineered with security in mind, while heightened public awareness has also helped to raise safety levels.
“We have not really seen a radical new attack vector,” said Titterington. “It shows that generally speaking we’re doing a pretty good job, but the battle is never won.”
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed