The recent Internet Security Threat Report from security vendor Symantec painted a bleak picture for IT security - both now and into the future. The firm outlined myriad threats, including phishing attacks, spyware programs and the spread of malicious code via peer-to-peer networks and web browsers.
Symantec also warned firms to take additional measures to secure portable devices such as PDAs and mobile phones, which will face increasing attacks.
Another problem identified in the report is that devices put in place to secure systems are becoming vulnerable themselves. Symantec discovered over 20 flaws in perimeter devices such as firewalls and broadband routers, which are designed to prevent intrusions.
Additionally, the security company warned of a dramatic rise in the number of hijacked machines, referred to as bots. Bots hold hidden programs that enable malicious users to remotely control systems for the purposes of gathering confidential data or launching attacks.
Before 2004, there were under 2,000 bots detected per day. Now that figure has increased to an average of 30,000.
Bob Jones, managing director of security company Equiinet, warned that the threats are increasing. "[The danger is worse] both in terms of the number of attacks and the time it's taking for each flaw to be exploited," he said.
Jones added that industry is now relying more heavily on artificial intelligence techniques to thwart attacks as early as possible. He cited Bayesian filtering as a useful self-refining technique that firms could add to the more conventional methods of detection and defence.
However, more traditional forms of attack are still widely used. The report indicated a worrying rise in the number of new Windows-based viruses and worms. Almost 5,000 were discovered during the first six months of this year compared with under 1,000 in the same period in 2003.
The head of IT security at a large investment bank said corporate defences are usually capable of stopping viruses and worms, presuming there is a properly configured firewall in place. "[But] there's always a chance that a worm might enter through a previously safe protocol that can't be blocked, for example DNS, HTTP, mail," he said. "So the more different types of attacks being made, the more chances that they get lucky. Sometimes configuration mistakes are made."
At the same time that attacks are increasing, the average period between a flaw being discovered and an exploit being launched has been reduced from seven days to under six days, according to Symantec. Nigel Beighton, Symantec's director of community defence, said firms now have to patch their systems more quickly.
"Whether it's seven days or 5.8, it's still a huge challenge for firms. It became a huge problem once the window fell under a month," he said. "The drop to under seven days means firms can't rely on their normal patch schedules and have to move to an ad hoc scheme, which is more difficult."
One reason for the growing number of attacks is that many firms are relying on older, common systems, said Beighton. "There have not been many technology changes over the past two years, so hackers can reuse exploits," he said. "The rate of attacks will slow down when we see some big technology changes and move to a far more web services-based environment. But we're a few years away from that yet."