IT managers can be fairly certain that their corporate networks will fall victim to malware this year, according to a report from Stamford, Conn.-based researcher Gartner Inc.
What is less certain is what they can do to prevent it.
Gartner predicted recently that 75% of all enterprises will become infected with undetected, financially motivated malware by the end of 2007. Gartner researchers developed their predictions based on the threats they and security companies have seen over the last year.
"These infections are dangerous stuff, and many times they're never detected," said Daryl Plummer, a managing vice president at the research company and a Gartner Fellow. "When companies become aware that data has been taken or interfered with, the problem is not only in the quantity of infections but the fact that they are increasingly financially motivated," Plummer said.
"Most people are complacent about their security patching and protection strategies, thinking they are fine or it'll never happen here," said Eric Shurts, an antivirus and desktop security administrator for a Chicago company that he declined to identify. "Those that have been burned by any malware breakouts that have impacted them [beyond] just a slight annoyance have actually started to rethink their processes and procedures to be better prepared," Shurts said. "So, hopefully that means more than 25% are better prepared or protected now, but it could be safer to be overcautious than to think all is well in IT utopia."
Several years ago, Shurts said, he dealt with malicious code arriving by email, such as the Zotob and Blaster worms that caused network problems, but now he is more focused on zero-day attacks because they are growing. Since those worm outbreaks, Shurts said, adjustments to the firewall and antivirus protection have improved network security, and the company has created emergency response teams that deal with breaking security issues.
For many IT managers, however, the most insidious attacks are from rootkits.
"[Root kits] are really hard to detect because they replace code at the kernel level," said Mark Mrotek, IT security administrator for the city of Peoria, Ariz. "They can corrupt the operating systems and split themselves and then make other machines launch attacks," said Mrotek. "They're like Eddie Haskell -- they just sit there and manipulate everything around them."
Another concern is "social engineering" attacks, in which hackers contact employees of a company through official-looking email, attempting to elicit important personal and corporate data by misrepresenting themselves as officials from banks or other institutions.
Peoria employees have been called by hackers hoping to trick people over the phone into providing crucial data, said Mrotek. Employee education has become an important aspect of his outreach, on top of moves like blocking the use of printers and mice at USB ports to protect data and limiting access to certain types of data.
Plummer recommends that companies invest in intrusion prevention systems, network access control that quarantines infected or unprotected machines, as well as identity and access management and vulnerability management processes and products.
No matter what processes and products have been put in place to protect a network, there is still no guarantee they will continue to be successful, according to Shurts. "There is always a new means to get around the systems in place. That's why we have monthly security patches," he said.