Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, December 03, 2009

Security incidents at an all-time high

The Computer Security Institute (CSI) pre-released selected findings from its 2009 Computer Crime and Security Survey.  The survey, now in its 14th year, found that average losses due to security incidents are down again this year (from $289,000 per respondent to $234,244 per respondent), though they are still above 2006 figures.
Respondents reported big jumps in incidence of:
password sniffing (Over 9 percent last year)
Web site defacement (Over 6 percent last year)
financial fraud (Over 12 percent last year)
denials of service (Over 21 percent last year)
malware infection (Over 50 percent last year).

A full one-third of respondents’ organizations were fraudulently represented as the sender of a phishing message.

Most respondents felt their investment in end-user security awareness training was inadequate, but most felt their investments in other components of their security program were adequate.

This year’s survey results are based on the responses of 443 information security and information technology professionals in United States corporations, government agencies, financial institutions, educational institutions, medical institutions and other organizations.

Posted on 12/03