The use of removable media and the increased use of laptops contributed to 552 data breaches in 2008.
As Lumension releases its annual cybersecurity report, security and forensic analyst Paul Henry claimed that 5.9 million records were exposed and could have been protected last year.
Henry said: “Several security threats loom, but a major concern is the increased use of laptops and removable devices coupled with the number of companies affected by reduced IT budgets. The proliferation of endpoints is a significant security challenge as our research shows network attacks using mobile devices as the entry point into the enterprise network are poised for unprecedented growth this year.”
As social networking malware attacks continue to thrive, Henry claimed that there is a ‘need to bring some sanity back to the battle against web-borne malware, the common sense approach of addressing un-patched vulnerabilities needs to take priority over figuring out the next obfuscated delivery method posed by the black hats'.
With USB sticks becoming a byword for data loss last year, a Ponemon survey commissioned by Lumension showed that 90 per cent of IT security practitioners believe portable mobile device usage will increase security risks within their companies in the coming year.
Finally, while botnets will continue to change tactics and evolve in ways determined to thwart current popular defences, Henry claimed that the real problem for 2009 is not the botnet threat, but how organisations will deal with the threat.
Henry said: “Simply put, it [botnets] is a patch management issue – if the machines were patched to the most current software releases available, they would not be compromised in the first place. Until the underlying patch management issue is dealt with, botnets will continue their explosive growth on the public internet.”
Pat Clawson, Lumension chairman and CEO, said: “Although everyone is impacted by a slowed economy, the level of new and reenergised malicious attacks hatched each day is a major cause for concern for companies in the coming year.
“Our hope is that through our ongoing research efforts, coupled with regular communication to end-users via the blog and our endpoint security technical expertise, organisations will be armed with the defence mechanisms needed to win the war against cybercrime in 2009.”
To tie in with the launch of the report, the company has also formally launched its corporate blog.