Security threats have taken on a new guise in 2007, something Symantec Canada’s top boss hasn’t seen in his 13 years with the company. While there’s the usual culprits like spam, phishing and bots, Michael Murphy, vice president and general manager of Symantec (Canada) Corp., said there’s also a new emerging threat from commercialized attacks like never before.
“2007 was an interesting year,” said Murphy. “One very interesting thing to me being in this industry for a long time is the sea change of how threats have evolved to become very professional and very commercial.”
Specifically, as outlined in Symantec’s Top 10 Internet Security Trends of 2007, professional attack kits such as Mpack and other phishing toolkits that were made popular. Forty two per cent of the Web sites that were observed in the first half of the year were associated with three phishing toolkits. In another example, Wabi Sabi Labi debuted and offered an auction-style system for selling vulnerability information to the highest bidder, according to Symantec’s report.
Outside of the PC realm, Symantec also brought attention to another platform that is seeing an increasing number of attacks but is relatively unprotected – the smartphone. Symantec recently launched Norton Smartphone Security software, which runs on the Windows Mobile and Symbian OS platforms. The software provides anti-virus, anti-spam for SMS, firewall and platform compatibility for devices running either Windows Mobile 5 or 6 and Symbian 9. The software currently is not supported by Research In Motion devices as they run a proprietary OS.
In many corporations, most devices are owned by the individual and not by the organization, said Murphy. “Corporations look at the risk given that to date there are very few threats for those devices,” he said. “It’s probably at the network or the desktop not at the handheld today. The threats are quite limited.” But the mobile platform is one of the trends that Symantec is seeing for 2008 as connectivity and adoption rates expand.
25 years
This year was also special for Symantec Canada as the subsidiary celebrated 25 years in Canada. Symantec Canada began like many Canadian subsidiaries of U.S. companies, Murphy said, with one individual trying to get the company’s feet wet in the market by setting up partnerships with distributors and customers. Murphy also pointed to the fact that Symantec Canada’s, unlike its parent company in the U.S., where growth is largely organic as opposed to growth through acquisition.
“Obviously the companies that we’ve acquired have not been uniquely Canadian,” he said. “Most of Canada’s growth has been more organic.”
In terms of acquisitions, it has been a couple of years since Symantec entered the storage business through its purchase of Veritas, and with virtualization being one of the hot topics this year, it couldn’t have come at a better time for the company.
Going green
Green IT hogged the pages of newspapers, magazines and white papers in 2007 as hardware and software vendors saw virtualization in a greener light. No longer was it about just server consolidation – virtualization had become the hot new way for vendors to sell their and their customers’ commitment to the environment.
“Virtualization has been a hot topic,” said Murphy, pointing to the success of VMWare’s public IPO. Customers want to have a strategy around it. Most organizations are half way there.” But Murphy added businesses are getting stuck because they are not virtualizing their mission critical apps because they are on a different scale and hardware demand.
Virtualization is also a big part of a company’s security strategy by not only protecting what’s coming in but what’s already inside the organization. At the end of the day, Murphy says securing an organization comes down to the education of its workforce. “Symantec’s view has been that education and awareness [and making sure] people are aware of what risks and threats they are susceptible to is the most important [consideration].”
Looking ahead, Symantec recently released its, “Trends to watch in 2008,” with election campaigns, bot evolution and advanced Web threats taking the top three spots. During the U.S. Presidential campaigns and leading up to the election next year, many candidates have been using the Internet as a means to communicate their platform. Symantec said risks for this group include the diversion of online campaign donations, dissemination and misinformation, fraud, phishing and the invasion of privacy. Another trend to watch in 2008 is the rise in the number of new Web-based threats due to an increase in Web services.