Category: Statistics

The survey of more than 2,000 individuals found that viruses and worms, cited by 54 percent of respondents, and spyware, selected by 51 percent, continue to be the top two information security threats organizations face today.

Nearly three-quarters of respondents surveyed (71 percent) said their organizations allow mobile and remote employees to access data and networks, yet relatively few have implemented security awareness training tailored specifically for the mobile and remote workforce.

Yet among organizations that have implemented such training for remote and mobile employees, 92 percent of respondents believe that the number of major security breaches has been reduced.

http://www.net-security.org/secworld.php?id=6148

In April, Hong Kong reclaimed the top-spot from Switzerland as the most spammed country with spam levels reaching 83.7 percent of all email. Spam levels in the US reached 70.1 percent in April, 75 percent in Canada and 66.2 percent in the UK.

Virus activity fell across almost all regions in April, with the largest decrease in India at 0.69 percent, which takes it out of the top five targeted countries. Virus levels fell across many industry verticals during April.

Spam levels fluctuated across several industry sectors in April, with Manufacturing remaining the top vertical for spam activity at 82 percent. The greatest rise was noted in the Accomodation and Catering sector, where spam levels rose by 5.06 percent to 79.5 percent. Spam levels for the Retail sector were 75 percent, 70.8 percent for Public Sector and 68 percent for Finance.

http://www.net-security.org/malware_news.php?id=939

The amount of malware removed from PCs by Microsoft’s Malicious Software Removal Tool (MSRT) jumped 40 percent during the last six months of 2007.

Microsoft’s semi-annual report uses data from various public sources as well as Microsoft’s Malicious Software Removal Tool (MSRT), Windows Defender, Windows Live OneCare, and Exchange Hosted Services.

At the RSA conference earlier this month, Microsoft called for an information-technology industry strategy to increase trust in the Internet. While Microsoft issued fewer bulletins and patched fewer flaws in 2007, the number of flaws in Microsoft Office jumped, though the company pointed out that most only seriously affected earlier versions of the program.

http://www.securityfocus.com/brief/727?ref=rss

“In 2005, there were a lot of [malware-driven] attacks going on, but now, a lot of companies feel they’ve done things to mitigate them,” says Rick Blum, director of strategic marketing for BT’s INS services and administrator of the survey… There’s also greater acceptance of risk in many enterprises, and a sense that malicious code isn’t as scary anymore…. “I don’t think people outside the IT security profession realize the influence that profit has had on the development of malware and cyber crime overall,” he says.

“They see that the noise surrounding attacks has died down, and they mistake that as a sign that the threat is easing off… But what’s really happening is that instead of fighting 17-year-old graffiti artists, they’re now fighting sophisticated cat burglars.”

While enterprises’ overall feeling of security against malicious code remains high, there is a greater awareness of internal threats than there was in 2005, according to the study. While 44 percent of respondents said external attacks are their greatest concern, 56 percent said their worries about internal attacks are as great, if not greater” said Doug Drew, senior security consultant at BT.

“We have seen malicious code introduced by internal sources, either as a means of accessing data that the user isn’t authorized to access or in the form of sabotage, such as logic bombs,” says Drew. As deployment of malware becomes more profitable for criminals, many attackers may bribe or blackmail internal employees to help them distribute it from inside, he observes.

Educating users on security policies remains the most significant barrier to improving enterprises’ ability to protect against malware, cited by 56 percent of respondents, according to the study.

http://www.darkreading.com/document.asp?doc_id=151382&WT.svl=news1_5

Nearly 60% of Americans are fearful someone will steal their account passwords when they bank online, and 38% do not trust making payments online, according to a survey of 1,000 U.S. adults conducted by TNS Sofres on behalf of digital-security company Gemalto.

Bank accounts were the most commonly advertised item for sale on underground computer servers, accounting for 22% of all items in the last six months of 2007, according to a Symantec report this week.

Several analysts, including John Pescatore of Gartner, point to the escalating threat of bots, sprawling networks of compromised PCs controlled by criminal groups. The top bot nets send a staggering 100 billion spam e-mail messages each day, SecureWorks says.

Speaking of spam and other forms of malicious software code, hackers are using YouTube videos to advertise their goods.

In one post, a group from Albania offers to illegally break into corporate networks to steal data and implant malware, says Don Jackson, director of threat intelligence at SecureWorks.

http://www.usatoday.com/tech/news/computersecurity/2008-04-10-cybercrime-computer-security_N.htm

The Ponemon Institute isn’t pulling these figures out of the ether – it talked to 21 UK companies about how much actual data breaches cost them.

Customer expectations of trust mean they also suffer a higher cost of lost business.

Phillip Dunkelberger, CEO at PGP Corporation, told The Reg: “Companies are increasingly waking up to the real cost of data losses, especially the cost of losing customers.

Ponemon estimates customer churn rates to go up by an average of 2.5 per cent after a data loss, but the worst example in the UK saw churn rates go up by seven per cent.

http://www.theregister.co.uk/2008/02/25/data_breach_real_cost/