Websense highlights ‘crisis of trust’ in IT security

End users' faith in IT security has been put to the test more than ever over the past year, according to online security company Websense's 2013 annual threat report.

"Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors," the report's authors claim.

Organisations that treat different cyberthreats as separate and distinct risks leave themselves unprotected.

According to the report, Websense detected an almost six-fold increase in malicious sites, of which 85 per cent were found on legitimate web hosts that had been compromised.

Additionally, the use of shortened links on social media introduced a new threat, with 32 per cent being malicious. This was accompanied by a boom in malicious, compromised or vulnerable smartphone apps (48 per cent).

The proliferation of new and more advanced cyber threats combined with increasing attacks against new technologies, such as smartphones, has lead to a crisis of trust, with enterprises no longer able to rely on their IT departments to protect them against the barrage, the authors claim.

"Cybercriminal activity last year also showed highly evolved attack strategies designed to work across multiple attack vectors, in multiple stages," the report states.

"[These are] often launched from multiple geographies, to evade conventional defences and provide redundancy and scale to their attacks," the authors added.

Additionally, in a development that is described as "alarming", CISOs reported they are unprepared to meet longstanding threats such as ultra targeted phishing attacks, known as spearphishing, let alone new threats delivered via social and mobile platforms.

"Taken as a whole, the data makes it clear: organisations that treat mobile threats, email threats, web threats and other cyberthreats as separate and distinct risks leave themselves unprotected against highly sophisticated, blended attacks coordinated across multiple vectors," the report claims.

"Moving forward, effective protection will be predicated on inline, real-time defences that are unified across attack vectors," the authors conclude.

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.