Newsflash | Computer Security

Release Date: 4/22/08

According to Microsoft in its new Security Intelligence Report 57 percent of publicly disclosed security breaches came from lost or stolen equipment in the second half of last year, compared with only 13 percent from hacking and malware.

The new Microsoft report focused on vulnerability and exploit data gathered from July through December of 2007. That data revealed that exploits, malware, and hacks made up only 23 percent of security breach notifications between 2000 and 2007. The report also bought to light a 300 percent jump in Trojan downloaders detected in the second half of 2007 with a 15 percent drop in the announcing of new vulnerabilities.

Security experts warn that the low number of hacker based data breaches in the report may be a reflection of the difficulty in quantifying the actual impact of such a breach. In lost hardware, it’s easier to say we lost this laptop, so we lost certain data. Whereas in hacking, it’s harder to determine what was actually compromised. Additionally, if a stolen laptop carried personally identifiable information, by law the victim must report the theft which could account for the higher percentage of reports of these breaches.

According to security experts the massive jump in Trojans in the last half of 2007 to over 19 million is due to the fact that Trojans are a more efficient and effective way for bad guys, like botnet operators, to infect as many machines as they can. Often by luring the user to click on a URL where an inconspicuous piece of malware is downloaded. Thus Trojans can silently install and await commands from their botmaster.

Although many security experts like CEO Doug Camplejohn of Mi5 Networks believe that the drop in reporting security vulnerabilities are due to a policy of being tighter-lipped about security breaches. Microsoft also claims its findings show its software is more secure. Among findings that Microsoft say backs its view are the drop in high severity vulnerability disclosures in the second half of the year, although Bureau 24 must point out that these types of bugs increased overall in 2007. And apparently, Microsoft’s Patch Tuesday is reflecting its view as the software giant released fewer security bulletins in 2007 then it did in 2006.

Bureau 24 is a Microsoft Partner and Security Expert. Microsoft has done a better job securing its new software. Some of that software, when fully featured, is outrageously innovative, easy to use and productive but the bottomline is you must have a comprehensive I.T. plan. You can submit the form to schedule a consultation with a Bureau 24 I.T. Expert.