Category: Statistics

Even more important, said Robert Richardson, the editorial director of CSI and the author of the report based on the poll, was the finding that the percentage of those polled who have experienced attacks of various types continued to tail off in 2004.

Most categories of cyber crimes have been on the downturn since 2001, the survey’s figures show, with the biggest drop found in denial-of-service (DoS) attacks. In 2001, DoS attacks were experienced by over 90 percent of those polled; in 2005, fewer than 50 percent said they’d been the victim of a DoS attack in the last 12 months. “It’s a four-year trend now, which is good news,” said Richardson.

Losses reported per respondent due to unauthorized access crimes was up a huge 580 percent in 2005 over 2004, while theft of proprietary information because of a security breach rose 211 percent. “This is where you see the spike related to things like identity theft,” said Richardson.

“When Acme Credit Card Authorization Transaction Co. finds out they’ve had an intruder who may have stolen records, that’s certainly a bad thing, but while that discovery is going on, credit card transactions are still being processed.” Acme’s explicit loss, which is what this survey measures, may be the cost of accessing the damage, which would probably be small. What may not be small would be the loss due to customers lost because of that disclosure.

Another thing that can’t be gleaned from the survey, said Richardson, is a solid risk assessment of current dangers, even though that might be tempting. “The wrong thing to take away [from the positive data here] is that the risk of attack has dropped,” he said.

“Security breaches, especially when widely publicized, can be disastrous, both in terms of customer relations and financial results, such as a loss of market capitalization due to bad publicity. What you can take away from this year’s survey is that we’re getting better at handling the routine security stuff, but not the much more aggressive attacks,” he continued. “Why? Because we haven’t seen one, not the kind that people keep predicting will sweep through the Internet before companies can react.”

http://www.techweb.com/wire/security/165702436

The research identified that nearly 65 percent of private sector CIOs are working with a number of outsourcers simultaneously, making effective management even more of a priority. In contrast to this, less than half 45 percent of public sector organizations had more than one outsource partner. Post-outsourcing, less than 7 percent of CIOs in the private sector had seen significant changes to their in-house skill set, whereas in the public sector the number experiencing a change was four times higher 28 percent.

This may indicate that the public sector is developing relationship management abilities in its in-house teams, as well as giving them the opportunity to learn new skills in support of their core businesses.

“CIOs are looking for their teams to manage the overlaps and interfaces of multi-vendor relationships effectively. It is only those organisations that do get it right who will get the most out of outsourcing,” said Ben Booth, MORI CIO.

http://www.ebcvg.com/articles.php?id=803

Of the top four messaging priorities reported by companies (spam, spyware, email archiving and viruses), three relate to security issues.

Most respondents (67%) want an anti-spam solution that does more than just anti-spam, such as anti-virus, compliance, email encryption, and more.
Overall, 13% of companies indicated they are not happy with their current messaging platform.
Almost half (48%) of companies surveyed indicated they have an email archiving solution in place, which is up significantly from 25% last year.
Only 10% of companies surveyed indicated they have deployed an Identity Management Suite; however, we expect strong growth in this emerging market, as 42% of those without an Identity Management solution indicated interest in buying one.

http://www.marketwire.com/mw/release_html_b1?release_id=90060

Highlighting the increasing speed of online attacks in research covering the last six months of virus activity, the vendor said the news was mostly grim. Authors of malware such as spam, viruses, phishing scams and spyware increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money.

The new-virus figure is up 59 percent on the same period last year.

“With financial gain rather than notoriety becoming more of a motivation, spammers and virus writers have been drawn together with more traditional criminal elements,” said Sophos Australia and New Zealand senior technical consultant Sean Richmond.

While the usual virus culprits like Zafi-D, Netsky-P and Sober-N came under the spotlight, Sophos said growth in Trojan attacks — where malicious software allows a remote attacker to gain backdoor access to a PC — was perhaps the most significant development in the malware-creation field. “Sophos has seen a three-fold increase in the number of key-logging Trojans so far this year,” the company said. “Trojans are delivered to target organisations via e-mail attachments or links to Web sites. They are often used by remote hackers to steal priviledged information, and very often to launch further attacks.”

But Sophos made it clear the news wasn’t all bad. “Businesses in Australia and New Zealand mostly have it right when it comes to protecting their desktops, servers and gateways,” said Richmond. Richmond praised the Australian telecomms regulator for its recent move to press charges against Perth-based alleged spammer Wayne Mansfield. Mansfield is one of Australia’s most notorious Internet marketeers and stands accused of sending at least 56 million — mostly unsolicited — e-mails in the period after the Spam Act was enacted in April 2004.

Events further afield also caught Sophos’ attention, as it highlighted several recent prosecutions of virus and privacy-related Internet crime. One dealt with the impending trial of German teenager Sven Jaschan, who has admitted writing the Netsky and Sasser worms, while another involved the arrest of a Cypriot man who was spying on a 17-year-old girl via her own Webcam.

“Four United Kingdom phishers were also jailed this week,” said the company.

http://www.zdnet.com.au/news/security/0,2000061744,39200021,00.htm

However, two thirds of firms, typically those with more experience of mobile devices, implement basic security policies including offering a limited choice of devices. Those with most advanced mobile usage deploy centralised software management that allows devices to be switched off remotely in case of loss or theft. The survey found very few firms with large-scale PDA deployment. “The vast majority of PDA use is in small pilots or limited numbers of users

The big issue now is whether firms move to a strategy of being device-agnostic to have more flexibility,” said Quocirca analyst Dale Vile. “There is a lot of loyalty to the BlackBerry but firms are realising that they probably need a bit more choice. There is also a growing desire to understand how to pull together different wireless technologies such as GPRS, wireless Lans and 3G.”

The biggest weakness in deploying laptops was seen as user vigilance, with loss and theft the greatest concern. Most companies indicated that well communicated security policies were key to reducing this risk. While firms that embark on PDA pilots mostly cite security and cost as key concerns, these issues give way to concerns over interoperability and compatibility as experience of wireless devices increases.

Cost and complexity of device management was a key concern for over 50 per cent of the respondents, and the survey found that this concern does not diminish with increased experience of the technology. The good news is that security fears diminished with greater experience, but increased PDA use upped the need for user support and training.

The survey, conducted on behalf of Orange, was based on 2,853 interviews with IT professionals.

http://www.vnunet.com/vnunet/news/2139186/pda-security-mobile

The research, conducted by Protegrity, indicates that despite the emphasis these regulations place on data security, 41% of respondents said their companies are spending 10% or less of IT security budgets on data and database security and 87% of respondents believed that internal misuse of sensitive data was the biggest threat to their companies, based on current security solutions in place.

Rapkin pointed out that despite the publicized data thefts occurring during the spring and early summer, the level of investment in securing sensitive data remains very low.

http://www.ebcvg.com/articles.php?id=789