Everyone knows users are the soft spot in security programs. They've even confessed in recent surveys that they take more risks at work -- opening strange email attachments, clicking bizarre IM links and downloading dubious programs -- because they can. Phish scams and spyware, the two major malware trends in 2005, will continue to proliferate with the aid of increased technical proficiency and sophisticated social engineering. Already we've quickly gone from phony financial Web sites to human-resource e-mails to fake jury duty notices and false subscriber notifications. That means security must continue to save us from ourselves. Just be aware some of the biggest offenders are probably sitting in the boardroom.
This is an excellent round-up of the security issues of the last year, including compliance issues, and identity theft, both of which should be of interest to readers here.