Computer Crime Research Center


Microsoft report: Cybercrime losses more often result from human error

Date: November 05, 2008

Microsoft's six-year effort to improve computer security is paying dividends, according to a report the company plans to release today, but human errors, such as lost laptops, account for the biggest share of security vulnerabilities.

And cybercrime continues to rise, following us online as we spend more time doing business on the Web.

The Microsoft Security Intelligence Report, the fifth such study the company has undertaken, found that lost and stolen IT equipment resulted in 47.5 percent of reported data losses.

That should give IT professionals and security-conscious consumers some perspective, said George Stathakopoulos, general manager of Microsoft product security.

"It is more important for them to protect the physical access to the device that they have — and not leave their cellphone in a taxi — than anything else," he said.

Other human behavior, such as falling victim to "social engineering" attacks, also remains a major problem, particularly for consumers.

Social engineering, in which the text of an e-mail, for example, persuades the reader to open an attachment that installs malicious code, is the top software deception, Stathakopoulos said. Some attacks ask people to enter a password to open the attachment, tricking them into thinking what they're doing is secure.

While office workers have learned not to open attachments they weren't expecting, attackers have upped their game by researching users individually and tailoring "a much more targeted and finessed attack for this particular person," Stathakopoulos said.

Protecting against these sorts of attacks requires better education.

Vulnerabilities in the software itself are declining in number, but a larger portion of them are categorized as high severity and easy to exploit.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo