Cybercriminals will focus in 2006 on using companies' weakest points – their employees – to crack into networks for financial gain, said IBM's 2005 Global Business Security Index Report.
"With software and networks becoming increasingly more secure, it is anticipated that many of these criminals may target the most vulnerable access point within a company or organization – its personnel – to execute an attack," the Armonk, N.Y., company said in a Monday statement.
The study predicted that insider attacks in 2006 will increase, as will attacks on emerging markets, instant messaging networks and mobile devices.
During 2005, the company witnessed the number of mass email attacks and viruses stay consistent with 2004 numbers, while "spear phishing" increased.
David Mackey, director of security intelligence for IBM, said the shift to financially motivated, targeted attacks was the most notable part of the study.
"2005 was a relatively quiet year for global malware outbreaks," he said. "With this trend, I think it's the financial motivation that makes them dangerous."
The more sophisticated attacks are one reason for the decrease in overall worldwide malware attacks in 2005, said Cal Slemp, vice president of security and privacy services for IBM.
"The decrease in pervasive attacks in 2005 is counter-intuitive to what society at large believes is a major threat to their personal data," he said. "IBM believes that the environment has shifted – with increased security protection on most systems and stiffer penalties, we are seeing organized, committed and tenacious profiteers enter this space. This means that attacks will be more targeted and potentially damaging."
"Organizations from around the world – from the public and private sectors – must move quickly and work together to address this growing challenge," he said.