Category: Statistics

Though most of the executives surveyed believe that the majority of threats originate from within the organization, 89% identified viruses and worms as their primary security. Nevertheless, they appear optimistic that the risks from these kinds of malicious code can be contained. Only 83% expect viruses and worms to be the primary threat two years from now.

However, there is growing concern about the predations of hackers and crackers. Some 57% of respondents identified hackers and corporate espionage as a top threat, double what it was two years ago. “The new capabilities of the ubiquitous network are great for commerce, but open a whole new dimension of risk,” AT&T vice president of managed security services Stan Quintana said in a statement. “A multi-layered approach to security is required.”

Indeed, AT&T and EIU report that organizations are willing to put the necessary resources into security to meet the threats. The survey found that network security spending has stabilized at about 15% of IT budgets.

http://www.securitypipeline.com/news/173601939

The survey also revealed that small-medium-size businesses security concerns are more application focused where providing virus protection for the network is the biggest challenge.

As a networking vendor for service providers and enterprises, Nortel is keenly aware of the changes impacting today’s networks, particularly the unprecedented growth in wireless access and types of devices.

Survey’s additional findings showed that 55 percent outsource some network security functions; of these, 25 percent outsource all network security solutions; 60 percent saying they preferred to standardize on one source for security solutions.

http://www.ebcvg.com/articles.php?id=912

About one-in-six pieces of spyware — a category that also includes adware — is “specifically designed for identity theft,” said Aladdin in a statement.

Another 25 percent of the spyware examined gathers information non-identity information, but was classified by Aladdin as a “moderate threat” because these programs collect such data as the victim PC’s operating system, domain name, process logs, security applications, IP address, and security updates installed.

The remaining 60 percent, said Aladdin, gathered “commercial-value information about the end user’s browsing habits,” the traditional definition of the often noxious but rarely dangerous adware.

http://www.techweb.com/wire/security/170703179;jsessionid=KK01LHWEU4STQQSNDBCSKH0CJUMEKJVN

Considering the costs involved, AT&T chief marketing officer Kathleen Flaherty commented that this kind of attitude was shortsighted. “With today’s heavy reliance on constant access to information, even a few hours of downtime can have catastrophic consequences, including huge financial losses, a tarnished reputation and lost customer goodwill,” she said in a statement.

While it might be expected that, once bitten, a company would be motivated to take corrective action, this does not seen to be the case. The study found that almost a quarter of the companies that had endured some kind of disaster remain unprepared, and less than half have updated their continuity plans for the last six months.

“The results of this survey show that companies are taking an unnecessary gamble with their futures,” IAEM executive director Elizabeth B. Armstrong said in a statement. “The cost of developing a business continuity plan and implementing a technology infrastructure to support the plan is minimal when compared to the daily financial impact once disaster strikes.”

http://www.informationweek.com/story/showArticle.jhtml;jsessionid=2ZL3WBYEHST0SQSNDBCSKHSCJUMEKJVN?articleID=170702762

The government sector was the most targeted industry, with more than 54 million attacks, while manufacturing ranked second with 36 million attacks, financial services was third with approximately 34 million, and healthcare was hit with more than 17 million attacks – accounting for more than 137 million of all attacks this year.

IBM has seen a resurgence of targeted phishing attacks for money laundering and identity fraud purposes, believed to be largely driven by criminal gangs that have become more astute in the creation and delivery of such attacks.

According to its latest Global Business Security Index, in the first half of the year, there were more than 35 million phishing attacks launched to steal critical data and personal information for financial gains. Spawns of phishing threats such as ‘spear phishing’ – highly targeted and coordinated attacks at a specific organisation or individual designed to extract critical data – increased more than ten-fold since January of this year alone.

Unlike in previous years, when viruses were mainly created and launched to slow down and cripple IT systems, these types of ‘customised’ attacks have shown their potential to defraud businesses, steal identities and intellectual property and extort money, while damaging the brand and eroding customer trust.

The ratio of spam to legitimate email continuously decreased over the course of the last six months, from 83 percent in January to 67 percent in June 2005, while virus-laden email increased fifty percent over the same period. At first glance what appears to be good news, the levelling off of massive outbreaks that cripple IT environments on a regional or global basis in the past six months seemingly indicates that hijacking computers to send spam is no longer the network disruption of choice.

“IBM advises its clients to rapidly adopt a holistic, enterprise-wide approach to security and risk management,” said John Lutz, general manager, Financial Services Sector, IBM. “To protect their critical data, infrastructure, brands, and money, IBM advises businesses to rethink how they protect their operations, business processes and governance structures.

http://www.ebcvg.com/articles.php?id=825

Virus attacks continue as the source of the greatest financial pain, making up 32 per cent of the overall losses reported.

But unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to cybercrime losses. Unauthorised access was fingered for a quarter (24 per cent) of losses reported in the CSI/FBI Computer Crime and Security Survey 2005.

Meanwhile losses from theft of proprietary information doubled last year, based on the survey of 700 computer security practitioners in various US corporations, universities and government agencies.

The study found fears about negative publicity are preventing organisation from reporting cybercrime incidents to the police, a perennial problem the CSI/FBI study reckons is only getting worse.

Assuming that this isn’t true of what respondents also told CSI’s researchers (academics from the University of Maryland), the study presents a picture of reducing cyber crime losses that contrasts sharply with vendor-sponsored studies.

Chris Keating, CSI Director, said its study suggests that organizations that raise their level of security awareness but warns against complacency in the face of a changing cybercrime threat. “Individual users are more exposed to computer crime than ever, due to the growth in identity theft schemes. We can’t help but note the shift in the survey results toward more financial damage due to theft of sensitive company data. This is an ominous, though not unexpected, development and underscores the need to insist that enterprise networks be properly safeguarded,” he said.

The CSI/FBI Computer Crime and Security Survey aims to help determine the scope of computer crime along with promoting security awareness.

http://www.theregister.co.uk/2005/07/18/csi_fbi_security_survey/