Category: Statistics

“The prospect of zero-day attacks is extremely troubling for organizations of all sizes.”

“In 2003 and then again in 2004, we were hit with devastating worms that exploited vulnerabilities in different applications before we could release the patches from our home-grown deployment process,” said Jim Czyzewski, senior information systems specialist responsible for desktop patch management at MidMichigan Medical Center in Midland, Mich.

http://www.darkreading.com/document.asp?doc_id=130350&WT.svl=wire_1

We queried 649 highly experienced IT professionals, more than 70 percent of which are responsible for managing all or part of their organizations IT budget — a solid barometer for corporate priorities.

Of the 2007 total corporate IT budget, respondents said they have allocated 34 percent for database infrastructure and 20.6 percent for IT security overall.

More than 53 percent believe their databases are critical to their businesses. But only 15 percent said that extending security best practices to the database is a “critical priority” for 2007.

Higher priorities included upgrading applications (25 percent), improving the efficiency of IT (20 percent), and consolidating IT infrastructure (19 percent). Upgrading security overall (13 percent) finished slightly lower, as did supporting Sarbanes-Oxley (10 percent) and upgrading disaster recovery capabilities (9 percent).

Interestingly, 92 percent of respondents are seeking a better tool to help them identify and analyze risk factors that exist within their systems or IT infrastructure.

This makes sense, particularly as a majority of respondents plan no, or only slight, increases in IT staff in 2007. According to our study results, IT security practitioners are fairly confident they can stop hackers from compromising their systems (68 percent), but they are far less certain that they can prevent malicious insiders (43 percent) and negligence (45 percent).

Respondents in larger organizations are more confident than those in smaller-sized companies when it comes to their ability to control these threats. Respondents’ database environments are of substantial scale and complexity — a majority of respondents manage more than 500 databases.

Robust access controls, ease of integration, and the ability to identify unauthorized access are viewed as the three most important features.

http://www.appsecinc.com/news/pr/2007_6_04_Ponemon-Study.shtml

Careless behavior by employees combined with spotty security policies provide plenty of openings for scam artists.

A widely reported study by MarkMonitor, an Internet security firm specializing in brand protection, found a rise in “cybersquatting” (using trademarks on illegitimate sites), “clickfraud” (bogus clicks on ads) and “domain kiting” (illicit Web sites with similar names to well-established sites), along with phishing and other scams.

The better gauge of how CIOs truly feel about security is spending: IT security budgets are growing, and companies are plunking down cash for a broader range of technologies and services. Finding 1: IT Executives Say Security Is Adequate Despite Threats Security snafus often make news, but most CIOs aren’t rattled. As previous CIO Insight surveys have shown, very few IT executives think their companies are at high risk, and most feel their IT security measures are up to the job.

Finding 1: IT Executives Say Security Is Adequate Despite Threats

Finding 2: Online Fraud and Theft Has Hurt Few Companies

Finding 3: Careless Employees and Lost Laptops Are Danger No. 1

Finding 4: Weak Protection Policies Put Social Security Numbers at Risk

Finding 5: Companies Are Diversifying Their Security Spending

Finding 6: More Companies Are Backing Off Windows Amid Doubts About Vista Security

http://www.cioinsight.com/article2/0,1540,2134832,00.asp?kc=EWWHNEMNL052407EOAD

“It is very easy to download information to them quickly,” said Bill Piwonka, VP of product management for Centennial Software, which conducted the survey at this spring’s InfoSec security conference in London. “If there isn’t a defined acceptable use policy or controls to prevent the download and transfer of sensitive data, managers do not know if and how such data is leaving the building.”

To make matters worse, 80% of respondents admitted that their organizations don’t currently have effective measures in place to combat the unauthorized use of portable devices. And 43.2% cited no control at all. The study showed that 65% of IT managers use a USB flash drive on a daily basis.

http://www.informationweek.com/news/showArticle.jhtml?articleID=199300021

Promisec Ltd. regularly conducts comprehensive security audits at customer sites to identify the prime threats to internal network security, originating at endpoints enterprise-wide. The software’s ability to perform discovery and provide reporting across all corporate networks produces a detailed synopsis of processes, devices and other activities on the network which may be outside of corporate policy, revealing the current state of internal network security.

“Organizations are becoming more adept at identifying security threats to their external networks, but internal network security issues represent a substantial problem for businesses challenged with preventing loss of corporate IP and the infiltration of their networks by malware inadvertently introduced by employees and business partners,” said Amir Kotler, CEO of Promisec. “The loss of internal financial data, customer lists and proprietary product details can be devastating while the introduction of malware can significantly slow down business efficiency — all of which can be prevented by implementing a strong endpoint security strategy.”

http://www.darkreading.com/document.asp?doc_id=123171&WT.svl=wire_5

23% said they were able to estimate the total annual cost of data leakage, putting the figure at $1.82 million.

Just last week, the U.S. Department of Agriculture announced that it had exposed the personal identifying information on about 150,000 people over the last 26 years. The agency admitted inadvertently exposing online sensitive information, such as names and Social Security numbers, in a publicly available database, which had existed since 1981.

People are getting fed up with their personal information leaking out into areas where it could be scooped up by criminals working online. A report came out earlier this month from Javelin Strategy & Research showing that 77% of 2,750 consumers polled said they would stop shopping at stores that suffer data breaches.

http://www.informationweek.com/news/showArticle.jhtml?articleID=199201085