Most of the attention on a recent report from ScanSafe, a Cisco-owned security company, has been on the fact that attacks on Adobe PDF Reader vulnerabilities comprise up to 80% of PC attacks. That’s actually not quite right. The ScanSafe threat report doesn’t cover programs that work directly with the Internet like Web browsers and e-mail clients. Instead, it only covers programs that can be successfully attacked after files have arrived in a PC over the Internet. For my money, the important news in the report is just how totally computer hacking has become a business aimed at other businesses.
Don’t get me wrong. It’s vital to update your copies of Adobe Flash Player, Acrobat and Reader with the latest patches. But what caught my attention in this report is that, by focusing so much on the trees of individual security problems and patches, we may be missing the forest of a parasitic industry.
According to ScanSafe, “Few victim companies choose to self report. Instead, the breaches that get acknowledged publicly are generally only those which involve theft of consumer or employee data – and only then because the laws require it. This selective disclosure fuels the misconception that cybercriminals are only intent on stealing data intended for credit card fraud and identity theft. In reality, cybercriminals are casting a much wider net.”