Category: Statistics

The survey found most security spending is driven by compliance initiatives, which focuses on protecting less valuable custodial data in the form of customer personally identifiable information and credit card numbers.

The data makes up a smaller proportion of a company’s assets, about 38%, while 62% of valuable enterprise assets typically make up corporate secrets.

“Catastrophic toxic data spills are dramatic and expensive, and they garner the most headlines…But for most enterprises, secrets are more valuable than custodial data,” according to the Forrester report, “The value of corporate secrets.”

Firms in the manufacturing, information services, professional, scientific and technical services and transportation accrue between 70% and 80% of their information portfolio value from corporate secrets. The survey found the average cost for lost smartphone incidents was about $12,000 per incident, while lost laptops and accidental leakages cost $26,000 per incident.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1508039,00.html?track=sy160&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+techtarget%2FSearchsecurity%2FSecurityWire+%28SearchSecurity+%3A+Security+Wire+Daily+News%29

“One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study,” Larry Ponemon, head of the Ponemon Institute, said in a statement.

For instance, the survey of top security officials at 80 large financial firms found that 83 percent use real data, such as credit card or account numbers, when developing and testing applications.

For instance, 88 percent of the companies surveyed said they still use Social Security numbers as their primary identifier.

http://www.esecurityplanet.com/features/article.php/3868381/Database-Security-Lacking-at-Financial-Services-Firms.htm

Cyber attacks are shifting from being broad-based to being very targeted, Salem said.

Symantec’s 2010 State of Enterprise Security survey spoke with 2,100 CIOs and IT/security executives, and found 75 percent had been attacked in the last six months — and all of those had suffered some kind of data loss; it may have been intellectual property, financial or credit card data or the personal information of a customer.

Salem said that in 2008, Symantec added 1.6 million signatures to its antimalware software, more than it had in the prior 16 years combined.

Instead of efforts, such as signature-based malware detection, he talked up the concept of reputation-based security, an approach that leverages the knowledge of users around the world. Since adding reputation-based security to Norton 2009, Symantec has collected one billion reputation ratings and taken 177 billion reputation queries in the last six months.

http://www.esecurityplanet.com/features/article.php/3868161/Symantec-Chief-Says-Cloud-Security-the-Next-Step.htm

Respondents on average said they were exploring 19 different IT standards or frameworks to protect their networks and were currently employing at least eight of them.

But IT managers said they are understaffed in key areas, with network security (44 percent), messaging security (39 percent) identified as groups that remain woefully understaffed.

Hacker countermeasures Last week, NetWitness, a Virginia-based computer security firm, disclosed that organized hackers had broken into the computers of 2,411 companies and government agencies over the past 18 months.

In January, senior executives at Exxon Mobile (NYSE: XOM), ConocoPhillips (NYSE: COP) and Marathon Oil (NYSE: MRO) confirmed that they were targeted by an extremely aggressive malware campaign attack in 2008 designed to steal key proprietary data — including multi-million-dollar research to locate the next great oil or natural gas discovery.

http://www.esecurityplanet.com/features/article.php/3866866/Most-Enterprises-Worldwide-Hit-by-Cyber-Attack-in-2009.htm

The institute asked respondents to rate how satisfied they were with their technologies on a scale of 1 to 5. All technologies fell within the 3.0 to 3.6 range, which isn’t bad, but the tools that scored the lowest in that zone were the ones that are supposed to indicate how secure an organization is at any given moment. “They weren’t wildly happy with anything nor, on the other hand, were they wildly unhappy with anything, but it sort of indicates to me that there’s an acceptance of the tools we have,” said Robert Richardson, CSI’s director. The tools mentioned in the survey overview included log management tools, data leak prevention, content monitoring and intrusion detection tools.

A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.

Twenty-five percent of respondents said more than 60 percent of financial losses came from accidental breaches by insiders, not external hacks, and 16.1 percent said 81 to 100 percent of all losses came from accidental breaches as well.

Government agencies constituted more than 13 percent of survey participants, comprising people from federal, local, military and law enforcement jurisdictions.

Richardson thought the results were telling, but he wondered about the experiences of those who didn’t respond.

http://www.govtech.com/gt/736410?topic=117671

‘Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff,’ said Don DeBolt, director of threat research for CA’s Internet Security Business Unit.

Search engines, like Google and Yahoo, or social networking sites, like Twitter or Facebook, have the mass appeal to attract these criminals. In addition to Internet security software, the best weapon against today’s threats is education, so that consumers know what to look for when they are conducting activities online.’

– Search Index Poisoning: Google is a frequent target of online threats.

Attackers employ sophisticated search engine optimizations to manipulate search engine rankings and poison users’ search results, which direct them to compromised Web sites that can cause malware infections.

In 2009, CA ISBU discovered more than 100 components and mutated strains belonging to the Win32/Koobface family.

http://www.quote.com/news/story.action?id=MTO344u0283