Symantec has just released its latest annual Internet Security Threat Report, which recorded a substantial increase in the amount of malicious attacks.
The security firm noted that it blocked some 5.5 billion malicious attacks throughout 2011, which was up 81 per cent on the previous year. Furthermore, the number of unique malware variants increased to 403 million, and the number of web attacks blocked per day went up by a third.
On the other hand, the better news was that new vulnerabilities discovered decreased by 20 per cent, a significant drop. Although as Symantec notes, this is partially a reflection of the amount of cyber-ne'er-do-wells who are adopting easy to use attack toolkits to take efficient advantage of existing vulnerabilities.
Spam levels also fell, which ties in with the findings of Sophos in its latest "dirty dozen" spam report. This may be in part due to service providers honing anti-spam measures, but is more indicative of a refocusing of cyber-criminal efforts away from traditional spam campaigns, targeting social networks instead.
Social engineering techniques exploit the viral nature of the networks, and make for a potentially serious snowball effect which the cyber-criminals are attempting to take maximum advantage of.
Symantec's report also observed that targeted attacks using customised malware, or social engineering techniques, are spreading to organisations of all sizes, not just the public sector, government or larger enterprises. The number of targeted attacks also went up throughout 2011, from 77 per day to 82 per day by the end of the year.
More than 50 per cent of these attacks were launched against organisations with less than 2,500 staff, and a fifth of attacks hit smaller companies with less than 250 employees. Such targets are likely picked due to a perceived or real lack of defence expertise, and possibly because they're in the ecosystem of a larger firm.
Identity theft also rose dramatically, with 1.1 million identities stolen in the average data breach throughout 2011. That's quite a staggering figure but no doubt pushed upwards by the biggest data loss incidents. Hacking posed the greatest threat in terms of ID theft, with hackers compromising no less than 187 million identities last year.
The most common cause of ID data spillages, however, was losing USB sticks, laptops or other devices. While this was the most frequent occurrence, it still only accounted for 18.5 million exposed identities, a tenth of the figure hacking was responsible for.
Symantec noted that as Bring Your Own Device becomes more common in the workplace, companies have a job on their hands to manage data security when staff use their own smartphones, tablets or other devices for work purposes.
Speaking of smartphones, mobile vulnerabilities almost doubled in 2011, going up 93 per cent. There was a marked rise in threats targeting Android, as Google doesn't police the OS's app system in the tight manner Apple does.
Stephen Trilling, Chief Technology Officer, Symantec, commented: "We've seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data. Organisations of all sizes need to be vigilant about protecting their information."
UPDATE: ITProPortal has exclusively spoken to Sian John, Symantec's Security Strategist at Infosec 2012, in regards to the latest Internet Security Threat Report.