SAN FRANCISCO and LONDON, October 23 /PRNewswire/ --

- Greater intraorganisational planning and collaboration needed as
security and privacy threats converge.

Microsoft Corp today released research showing an acceleration in the
number of security attacks designed to steal personal information or trick
people into providing it through social engineering.

(Logo: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO)

Microsoft's most recent Security Intelligence Report, a comprehensive 
analysis of the threat landscape, shows that attackers are increasingly 
targeting personal information to make a profit and are threatening to impact 
people's privacy. The report found that during the first half of 2007, 
31.6 million phishing scams were detected, an increase of more than 150 per 
cent over the previous six months. The study also shows a 500 per cent 
increase in trojan downloaders and droppers, malicious code used to install 
files such as trojans, password stealers, keyboard loggers and other malware 
on users' systems. Two notable families of trojans detected and removed by 
the Microsoft Malicious Software Removal Tool are specifically targeted at
stealing data and banking information.

Microsoft also released findings from a recent survey of more than 
3,600 security, privacy and marketing executives across a variety of 
industries in the US, the UK and Germany, including financial services, 
healthcare, technology and government. Conducted by the Ponemon Institute 
LLC, the study found that as security threats increasingly target personal 
information, more collaboration among security and privacy officers is 
critical to avoid costly compromises or breaches of personal information.

The study for the Microsoft Trustworthy Computing Group, titled
"Microsoft Study on Data Protection and Role Collaboration Within
Organizations", found that organisations with poor collaboration were more
than twice as likely as organisations with good collaboration to have
suffered a data breach in the past two years.

Ben Fathi, corporate vice president of development for the Windows Core
Operating System Division at Microsoft, presented the research in a keynote
address to information security professionals at the RSA Conference Europe in
London. Scott Charney, corporate vice president of Microsoft's Trustworthy
Computing Group, will also share the results in his keynote address at the
International Association for Privacy Professionals Privacy Academy in San
Francisco later today.

"As a company committed to providing privacy and security solutions for
our customers, we will continue to evolve our products, practices and
processes as security and privacy become increasingly interdependent and as
threats evolve," Charney said. "There is no one-size-fits-all solution for
organisations looking to effectively collaborate and protect data, but we
hope this research will be a good resource for companies thinking about how
to approach this."

Security and Privacy Threats Converge Under New Attacks

As more people communicate, access and share information online and the
delivery of services and information becomes more personalised, organisations
are collecting larger amounts of personal information to provide services to
customers. Increasingly, organisations need to share information and conduct
business across borders and devices, and with a wide range of internal and
external stakeholders. For cybercriminals, these factors represent greater
opportunities to steal personal information.

"As the security of the operating system improves, we are seeing
cybercriminals becoming more sophisticated, diverse and targeted in their
methods of stealing personal information," Fathi said. "Personal information
is the currency of crime, and malicious attackers are targeting it to make
their cyberattacks and other scams more authentic, credible and successful,
and to make a profit."

Microsoft's Security Intelligence Report provides customers and partners
with a comprehensive understanding of the types of threats Microsoft
customers face today so they can take appropriate action to help ensure they
are better protected both now and in the future. According to the latest
report, released today, during the first half of 2007, there was a growing
number of security attacks by trojans, which often target personal
information, and an upward trend in the use of malware to compromise the
privacy and security of user machines. In that same time period, backdoors, a
category that includes bots, posed the most significantly increasing threat
to instant messaging users as attackers continue to use them to control
systems and violate user privacy.

The Relationship Between Security, Privacy and Data Use Functions

With security threats increasingly posing a greater threat to privacy,
data protection requires involvement from several groups within an
organisation that typically have different objectives and responsibilities.
The research conducted by the Ponemon Institute showed that where the
collaboration between security and privacy functions is good, the risk of a
data breach is lower. Seventy-four per cent of companies that admitted to
poor collaboration said they had experienced one or more significant data
breaches in the last two years. However, only 29 per cent of companies that
claimed to have good collaboration reported one or more breaches in the same
period.

The research indicates there are tensions within organisations over how
data should be managed. Security and privacy professionals see customer data
as an asset to protect, while in functions such as marketing where personal
data is collected and used, employees are more likely to see it as a resource
to achieve business objectives. Conversely, representatives from all three
functions agree that the theft or loss of customer data has a potentially
damaging impact on brand value and organisational reputation.

"A lot of companies are struggling with approaching data protection
holistically, because security and privacy people often don't even speak the
same language and often report to different parts of the company," said Rob
Enderle, principal analyst at the Enderle Group. "Understanding the issues
and getting security, privacy and business leaders together to discuss ways
to approach this collaboratively is a good first step for organisations."

One finding in particular from the survey provides evidence that some
organisations struggle to align security, privacy and marketing functions.
According to the research, 78 per cent of security and privacy executives
said they were confident that their marketing colleagues consult them before
collecting or using personal information. However, only 30 per cent of
marketers said they actually do so.

Another key finding from the research found that preserving or enhancing
an organisation's reputation and trust is important, especially for marketing
professionals. More than 65 per cent of marketers who collect and use data
reported that preserving or enhancing the organisation's reputation and trust
was among the most important business drivers for data protection. Avoiding
threats is the top business driver for security professionals, and regulatory
compliance is the top driver for privacy and compliance professionals. This
finding suggests that when approaching data protection issues with marketers,
security and privacy professionals will benefit from communicating the
reputation and trust impacts associated with a lack of focus on avoiding
threats of managing compliance.

About Microsoft

Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in
software, services and solutions that help people and businesses realise
their full potential.

About Microsoft EMEA (Europe, Middle East and Africa)

Microsoft has operated in EMEA since 1982. In the region Microsoft
employs more than 13,000 people in over 60 subsidiaries, delivering products
and services in more than 138 countries and territories.

This material is for informational purposes only. Microsoft Corp
disclaims all warranties and conditions with regard to use of the material
for other purposes. Microsoft Corp shall not, at any time, be liable for any
special, direct, indirect or consequential damages, whether in an action of
contract, negligence or other action arising out of or in connection with the
use or performance of the material. Nothing herein should be construed as
constituting any kind of warranty.

Web site: http://www.microsoft.com