THE long-drawn battle raging between malicious hackers and computer security specialists shows no signs of slowing down. If anything, the common prognosis among security vendors is that cyber-crooks are likely to get smarter and the deluge of unsolicited e-mail will continue to be the bane of Internet users in the year to come.

'The greatest challenge we seem to be facing today is that there has been a major shift in cyber-attacks, and thus cyber-security. Viruses are no longer spread through mass attacks, but rather through attacks which are calculated and far more targeted, targeting individuals who can be exploited through vulnerabilities in their systems,' said Eric Chong, country manager, consumer/SOHO segmentation of security software maker Trend Micro.

Echoing his sentiment, Bill Robbins, Symantec's senior vice-president of Asia-Pacific and Japan, said: 'One of the major challenges we face is an evolving threat environment. Attackers are getting smarter and they're finding new and innovative ways to attack enterprises and consumers, with financial gain as the leading motive.'

'2006 was a year in which professional crime organisations blanketed the Internet seeking financial gain with criminal intent,' added Benjamin Low, Secure Computing's country manager for the Asean and India region.

Indeed, recognising that money is now the driving force behind most malicious hacking attempts, the local financial sector has already taken steps to tighten security for their Internet transactions. This comes after several attempts by hackers to spoof the online banking portals of local banks, with OCBC falling prey to such a phishing scam earlier this year.

To meet a mandate spelt out by the Monetary Authority of Singapore, banks operating in Singapore have all rolled out so-called two-factor authentication tools in the last few months. This means users will have to use pager-like hardware tokens or other methods like their mobile phones to verify their identities for Net banking. This comes on top of typing in usernames and passwords at the bank's login page.

'Singapore has a very unique set of market requirements because it has quite a number of key vertical markets which require the highest levels of security. The Singapore government is one of the most security-conscious bodies in Asia-Pacific,' Mr Low explained. While steps have been taken by banks to strengthen their cyber defence, other loopholes are emerging by the day from a host of popular Web-based applications like online chat and Internet gaming.

'The technologies embraced by companies and today's youth, such as instant messaging, will likely become a new battleground for online threats,' said Symantec's Mr Robbins.

'Personal information and digital assets are at risk. Threats have become Web-based and these have exploited those who have become comfortable with making transactions online,' added Trend Micro's Mr Chong.

Worse, Internet users are likely to face a double whammy of new security threats, as well as the continued onslaught of unsolicited e-mails from scammers and recalcitrant Web merchants.

'Spam volumes will also continue to grow in 2007, accounting for over 95 per cent of all e-mail by the end of the year. Image-based spam will continue to proliferate and be utilised by fraudsters, such as Nigerian-spam scammers, phishers and spammers, and e-mail-based worms will continue to dominate the virus scene,' said Secure Computing's Mr Low.

With no reprieve in sight, all the security specialists BizIT spoke to highlighted the need for heightened end-user education to combat cyber criminals. While technology-based defences are improving, they must be complemented by a security-conscious mindset to be more effective.

'It has been especially challenging trying to educate Singaporeans about the risks on the Internet and thus to educate them on how to get protected,' said Mr Chong.

'In Asia, consumers are still thinking about virus attacks on a big scale, while the consumers in the US and Europe are already feeling the impact of targeted attacks that have caused financial losses through the compromise of their personal information,' he added.

'We need to raise the entire consciousness level of what is safe behaviour online and what is not. For example, if it is midnight and you park your car in a run-down and threatening neighbourhood, you would behave in a certain way, as you have developed a sense of how to deal with this situation in the physical world. We need to deliver that same kind of sixth sense in the digital world,' Symantec's Mr Robbins stressed.

This article first appeared in BT on December 21, 2006