We are seeing a renewed level of interest in various types of external threats owing largely to some really clever techniques employed by spammers, hackers and others, who are using technologies including Flash and SQL to lure unsuspecting victims. Here are some considerations:

* MessageLabs reports that some hackers are uploading Flash files to photo-sharing sites. A spam message is then sent containing a link to the Flash file which, when clicked, will redirect victims to a Web site containing malware. Commtouch has found similar types of attacks with Flash files hosted on legitimate Web sites.

* SQL injection attacks have infected numerous Web sites recently, including the Web site of British chef and TV personality Nigella Lawson and the City of Madison, Wis. Sophos reported that Web sites are being infected three times faster in 2008 than they were in 2007. At least 70,000 Web sites have been infected since the beginning of 2008.

* During the Olympics in Beijing last month, F-Secure noted a huge increase in the number of attack directed against Chinese-language Web sites.

None of this is all that surprising in and of itself, but what is surprising is that not everyone is taking these types of attacks seriously. For example, in a security study we completed earlier this year, we found that 21% of organizations would not have budget in place to protect against adware or spyware by early 2009, and only about one-half of organizations will likely or definitely purchase Web defense capabilities through summer 2009.

Web-oriented threats will become significantly more important and more serious in a Web 2.0 and unified communications world because of the greater reliance on Web-based tools and more sophisticated attacks by hackers and others.

Michael Osterman is principal analyst of Osterman Research.