The No. 1 reason for data breaches is lost and stolen computer equipment and not computer hacking according to the sixth volume of Microsoft’s Security Intelligence Report. This latest report covers the second half of 2008.
Rogue security software takes advantage of users’ desire to keep their computers protected. The rogue software tricks them into paying for protection that is actually malware offering little or no real protection, and is often designed to steal personal information. For example, two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, catapulting them into the top 10 threats in the second half of the year.
“We continue to see an increase in the number of threats and complexity of those threats designed to implement crime at a variety of levels online,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. “But as Microsoft and the industry continue to improve the security of our products and people become more concerned about their online safety and privacy, we see cybercriminals increasingly going after vulnerabilities in human nature rather than software. By working with others across the industry, Microsoft is helping combat the next generation of online threats through a community-based defense resulting from broad industry cooperation with law enforcement and the public.”
The proactive steps Microsoft recommends for individuals and businesses include these:
- Configure computers to use Microsoft Update instead of Windows Update
- Make sure that updates also are enabled when possible for third-party applications.
- Use an anti-malware product from a known, trusted source, and keep it updated.
- Avoid opening attachments or clicking on links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.
- Enterprises may use the Microsoft Security Assessment Tool (MSAT) to help assess weaknesses in their IT security environment and build a plan to address the risks.