Category: Statistics

The automated virtual computers, also known as client-side honeypots or ‘honeymonkeys’, have been used to research current online threats by Microsoft and other companies.

SiteAdvisor is the first attempt to turn the data generated by such computers into a service.

Microsoft used its honeymonkeys to browse the riskier side of the Web for servers that use zero-day exploits against visitors. The University of Washington used similar techniques to survey the Web and find that one in twenty executables on the Internet contain spyware.

http://www.securityfocus.com/brief/156?ref=rss

Computer virus statistics from the Commtouch Detection Center indicate that 40% of attacks during January met this profile.

Also, there is a clear connection between the attack’s speed and its intensity — the faster attacks are the biggest ones: while the average distribution time of low intensity attacks is a “leisurely” 27 hours and medium-intensity attacks can take 17 hours, massive attacks take as little as 5.5 hours to spread in hundreds of millions of emails.

Based in part on a reliable third party lab test, Commtouch was able to compare detection times of 21 leading AV engines against 19 new viruses in January.

January spam statistics show that 43.18% of global spam is sent from US-based sources (down from approximately 50%).

http://www.alwayson-network.com/comments.php?id=14063_0_3_0_C

Sponsored by the PGP Corporation, the study also focused on how recent data breaches might be influencing the use of encryption and how various state and federal security and privacy regulations might affect the adoption and implementation of encryption technologies. Other issues covered in thesurvey included: The functional area responsible for procuring and implementing encryption.

Common uses and reasons for using encryption.
The types of data elements most likely to be protected by encryption (such as Social Security numbers, credit cards and so forth). Respondents’ level of confidence respondents that encryption will safeguard personal and sensitive information.

Types of data encrypted: The most important types of data that should be encrypted for storage and/or transmission are: business confidential documents (57 percent), records containing intellectual property (56 percent), only sensitive customer information (56 percent), accounting and financial information (41 percent) and employee information (35 percent). Interesting to note that customer and consumer information scored a low 8 percent and 6 percent, respectively.

The top five types of personal information about a customer, consumer or employee that should be encrypted are health information (72 percent), sexual orientation (69 percent), Social Security number (67 percent), family members (66 percent) and work history (57 percent).

Encryption Increases Confidence in Security
The report found that information security and privacy professionals have the most confidence in their organization’s security program when it uses encryption as part of an enterprisewide implementation plan.

As shown, the highest confidence level (.82) is achieved for the group of respondents who report that their companies deploy encryption and have an enterprise implementation plan.

Freq Average Confidence Score* We have an overall encryption plan or strategy that is applied consistently across the entire enterprise.

The primary person most report to is the chief information officer (36 percent) followed by the chief technology officer (30 percent).

http://www.csoonline.com/read/020106/ponemon.html

Secure router revenues on a year-over-year basis grew by 121 percent to $803 million in 2005; shipments nearly tripled.

Matthias Machowinski, directing analyst for enterprise voice and data at Infonetics, said the difference between a secure and insecure router is that the former has some form of included firewall or encryption capability built in.

http://www.internetnews.com/infra/article.php/3586186

Carter also highlighted the similar evolution of mobile viruses, with a few skilled virus writers and a larger group of script kiddies who adapt the work of others.

McAfee has set up mobile virus research groups in its worldwide monitoring stations to track the problem and has released a mobile antivirus scanner. The scanner itself is fairly basic, as it relies totally on signature files and is reactive, but the company is hoping to add heuristics that block malware by its behaviour in future versions.

Several other security software companies have also released packages for mobile phones and corporate telephony departments. Ericsson has just signed up to sell Trend Micro’s mobile security software.

“As the capabilities of smartphones increase, it is ever more important for enterprises to protect themselves from the growing security threat these devices can pose,” said Katarina Löweberg, director of mobile applications at Ericsson Enterprise. “For the first time, mobile operators now have a way to offer their enterprise customers centrally managed protection for smartphones against malicious mobile code such as SMS spam and viruses.”

http://www.vnunet.com/2150470

Hiring When asked which positions were most frequently outsourced, survey respondents listed penetration testing (40 percent), data backup and recovery (23 percent) and biometrics (20 percent).

The “CSO Security Staffing Survey,” conducted by CSO magazine, was administered online in October, 2005.

Thirty-six percent of the survey base work at companies with more than10,000 employees while 37 percent are at companies with 1,000 to 9,999 employees.

When asked about annual gross sales, half (49 percent) of the respondents say they come from companies with annual gross sales of more than $10 billion and 26 percent reported annual revenue between $100 million and $999 million while 24 percent report annual gross sales of less than $100 million.

http://www.csoonline.com/csoresearch/report103.html