Category: Statistics

Postini also noted in July a continuing rise in encrypted email traffic, as organizations around the world increasingly use encryption to protect sensitive communications with their business partners, contractors, regulators and remote employees.

The ability to encrypt email, based on an industry standard called Transport Layer Security (TLS), is built into every modern email server and is easy and free to use.

http://www.darkreading.com/document.asp?doc_id=100733&WT.svl=wire_2

On the surface, the results of the 11th annual CSI/FBI Computer Crime and Security Survey are positive, with fewer companies reporting financial loss from data breaches compared to last year. But a majority of companies are still reluctant to report security breaches to law enforcement, suggesting that the survey isn’t capturing the full extent of the problem. Respondents tell us that they are keeping their cybercrime losses lower,” CSI Director Chris Keating said in a statement. “At the same time, our economic reliance on computers and technology is growing and criminal threats are growing more sophisticated, so we shouldn’t overestimate our strengths.”

About 25% of respondents said they reported computer intrusions to law enforcement, compared with 20% in the previous two years. But the percentage is still small, and CSI said a big reason for the drop in financial losses, as reflected in the overall survey results, is a decrease in the number of respondents able and willing to provide estimates.

“Even in an anonymous survey, only half of the 616 U.S companies surveyed were willing to share overall cost figures from financial losses resulting in security breaches. The impact of the Sarbanes-Oxley Act on information security remains substantial,” the report said.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1199280,00.html

Despite the fact that instant messaging technology is nearly ubiquitous in the enterprise, and has been for some time, according to a new survey nearly 60% of organizations do not have any security technologies in place to defend against IM threats. Nearly all enterprises have developed email archiving, retention and inspection policies, but the survey results suggest few organizations have extended that to their IM systems. It starts with visibility. Most IT departments don’t have any visibility into the IM deployments in their enterprises,” said Andrew Burton, senior product manager at Symantec. Burton said IM security is an issue, but enterprises should also address IM usage policies, data leakage and risk management. “These three areas have been addressed in email security,” he said, “but most organizations haven’t viewed them as something they need to address with IM.”

Some industries, most notably financial services and securities trading, have developed regulations that specifically govern the usage of IM clients and require logging and archiving of IM conversations. Other industries are beginning to follow that lead, Burton said, but slowly, for the most part. “With regulatory compliance, life sciences and health care are starting to see the need for this. Government is coming on board, too,” he said. “In terms of governance, we’re seeing a broader movement across industries to secure IM in order to comply with audits and IT governance requirements.”

Burton attributed the increase to several factors, but noted that IM attacks often are more effective than email attacks, given the ease with which threats can spread through a user’s contact list.

“There’s a larger footprint [for IM] now, and the number of users attracts attackers,” he said. “Plus, the effectiveness is higher. Once someone is infected, the social engineering aspect of IM increasing the likelihood that other people will fall victim to the attack.”

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1199145,00.html

SSL-VPNs offer the promise of simple remote access connectivity since from an end user standpoint they typically involve just a Web browser to access a corporate network. They differ from their principal technology competitor IPSec VPNs in that IPSec typically requires an additional client application.

Nearly half the revenue comes from large organizations, with medium-sized outfits accounting for a third and small companies only by 21 percent.

http://www.internetnews.com/stats/article.php/3618756

“These survey results demonstrate that even though organisations are investing in security technologies, they still aren’t achieving the results they seek,” said Toby Weiss, senior vice president and general manager of CA’s Security Management Business Unit. “Clearly, more work needs to be done in terms of improved security management itself and better education of business users about the importance of IT security best practices.”

The survey also found that organisations are turning to identity and access management technologies to improve security, enable regulatory compliance and reduce costs. More than 75 per cent of the organisations surveyed have implemented some form of identity and access management functionality, and are continuing with investments. An additional 18 per cent plan to begin rolling out an identity and access management solution or extend their deployments over the next 12 to 18 months.

http://www.crn.com.au/story.aspx?CIID=39872&src=site-marq

Training, in particular, shows the greatest economies of scale: It costs companies of $1 billion or more just $18 per year to train their employees in IT security; that same training costs $318 per year in companies of under $10 million. The data might be something of a vindication for smaller companies, which have come under fire recently for moving too slowly in the deployment of security tools and standards such as the Payment Card Industry’s Data Security Standard.

Some 47 percent of respondents now are allocating less than 3 percent of their total IT budget to security, which compares to 35 percent in last year’s survey, according to the study. By contrast, 34 percent are now allocating more than 5 percent of their budgets to security –up from 27 percent last year.

http://www.darkreading.com/document.asp?doc_id=97818&WT.svl=news1_1