Security Strategy

Sumitomo spyware scare: What have we learned?

Come Monday we'll all be cracking down on spyware... or maybe not...

Tags: sumitomo, spyware

By Will Sturgeon

Published: 18 March 2005 17:50 GMT

Security experts have long held that the latest threats need to be seen to cause large-scale damage before people take them seriously. But will the Sumitomo near-miss prove a catalyst for enterprise spyware protection after the bank was the subject of an attempted £220m key logger-enabled heist?

Opinions are divided, with some experts warning that other banks and businesses will continue to believe "it couldn't happen to us".

Simon Perry, VP security strategy at CA, said: "Is this the wake-up call? I suspect that this will get it on organisations' radar but it will be interesting to see whether it remains on the screen or drifts below the horizon again after a while."

Mark Sunner, CTO of MessageLabs, was even less optimistic that companies will now see the threat posed by spyware.

Sunner told silicon.com: "Sumitomo's near miss will be long forgotten by Monday morning because I think people have failed to make the connection that this really does affect them too."

Peter Dorrington, director of fraud solutions at SAS, told silicon.com: "There is definitely still a feeling that 'it couldn't happen here'. But we have to be very careful about corporate apathy. We shouldn't assume just because it got caught this time it is easy to catch. It will always be easy to catch stupid criminals or those who make a mistake somewhere along the line but it's the clever criminals we really need to lose sleep about."

Dorrington warned that parties on both sides of the fence will have learned from this experience, saying criminals are just as likely to hone techniques as a result of the Sumitomo sting coming so close.

"This was a very big case and it seems they were very close to getting away with it. The next bank may not be so lucky.

"Not just banks but all businesses should take this as a very serious warning."

MessageLabs' Sunner said: "I suspect the bad guys are still coming to terms with the sheer scale of what they might be about to reap from such fertile ground, whilst awareness remains so low. Sadly, I think it will take one or more big disasters that actually happen before the masses really do wake up to this."

"That's not meant to scaremonger, this is a very serious issue," he added.

CA's Perry said: "What it should tell companies is that spyware is not simply an issue for home users concerned over their personal privacy - it is a legitimate corporate security concern.

"The lesson is look for it, remove it, it is dangerous," he added.

Proper audits are one measure companies should undertake. Recent research from Websense revealed 95 per cent of European companies audit their PCs, though 20 per cent only do so once per year. Mark Murtagh, technical director at Websense, told silicon.com he fears this may still constitute little more than a 'headcount' – "how many PCs they have and what operating system they are running".
