Security vendor's FUD marketing
The Websense Security Trends Report covering the first half of 2006 was just released. I'm not sure that the world is better off with yet another security vendor telling us that Phishing, malicious websites, malicious code, hacking tools, P2P, IM and Chat attacks have all increased. And I get the message that professionals use hacking tools and are motivated by potential financial gains. That's about it for this report. It is FUD marketing. The intent is to create demand for security products, but I am beginning to think it does exactly the opposite by pointing out the futility of security products to stop attacks.
I was planning to be an actuary in my misspent youth so I love data, but I still have to ask the "so what" questions ...
"What am I supposed to do with this information?" I would like to see this research become more actionable. If "35% of all malicious websites are hosted on web servers that have been compromised", then please tell me how to avoid those sites.
Websense does tell me that 93.1% of discovered Phishing attacks target financial services. This is a good reminder to only use a good old-fashioned telephone when responding to any electronic bank request for information. Other than that, I am not sure why this report even exists.
"Why do security vendors trumpet their helplessness to protect businesses?" The report states that "Automated vulnerability scanning for server and client exploits is becoming more intelligent, and attackers are taking full advantage." I can't help but think that security professionals have intelligence and tools to find vulnerabilities too. I guess they are not working so well.
Websense Security Labs did not report a single decrease in any type of attack. Not one. The easiest conclusion is to be sure IT has every possible means to recover and rebuild from inevitable infections. Security has a real hard time demonstrating the effectiveness of our defenses.




