Egovernment.com wasn't afraid to fill me in ... link to article.
And the eye opener
By the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses. The threat environment is changing -- financially motivated, targeted attacks are increasing, and automated malware-generation kits allow simple creation of thousands of variants quickly -- but our security processes and technologies haven't kept up.I break it down on the following points
- Financially Motivated Malware? An example would be nice. If we locked down our web browsing and quit running our browsers with administrative privilege, this wouldn't be as big of an issue. No, myspace is not work appropriate -- even if you work in skip tracing.
- 75% will be infected -- what about the other 25%? Are they "clean" from habit or luck?
- Financially Motivated -- this is important. If we have monetary value associated with a risk, then follow the money. Gone are the days of nerds just playing, where attacks were loud and obvious (think Nimda, Code Red). Now we have state sponsored hacking and even mafia supported attacks -- not to mention your own employees.
- Lock down internet access - proxy, white list -- whatever, just clean it up.
- Monitor your email. You would cry if you saw what was being sent outbound each day.
- Use psexec to limit browser rights or use another OS all together. Link here -- Thanks Allen.
- Start thinking from the inside out. Do you have low paid, high turnover employees, with access to valuable information? -- stuff like that.