eEye Digital Security, a provider of IT security and unified vulnerability management solutions, has announced results from its “2011 Headlines vs. Reality” survey.
The survey included responses from IT administrators, managers and C-level executives from organisations of various sizes and from multiple industries in the private and public sectors. Thirty percent of respondents came from organisations with 4,000 employees or more.
“These facts demonstrate that while it is important to remain vigilant against attacks that wreak havoc and damage reputations, we must also remain focused on attacks that fly in under the radar, happen every day and chip away at defences and compliance,” said Marc Maiffret, CTO, eEye Digital Security.
Meanwhile, McAfee’s whitepaper ‘The New Reality of Stealth Crimeware’ warned that sophisticated malware techniques employing “Ninja” stealth tactics and combining vulnerabilities, rootkits and stolen certificates were on the rise.
“Powerful toolkits, like what is available in the Zeus Crimeware Toolkit, make stealth malware development a point-and-click endeavour, no longer restricted to the most knowledgeable programmers.”
McAfee Labs estimates that about 15 percent of malware uses sophisticated stealth techniques to hide and spread malicious threats that can cause significant damage.
“One of the most important things to understand about stealthy malware like Stuxnet and Zeus is that it truly owns the computers it takes over. Through rootkits that operate at the user, kernel, and firmware levels, malware can hide, replicate, protect itself against being overwritten, and deactivate anti-virus protection and other defences.”
Unfortunately, getting accurate figures on the impact of both common malware and the ‘other stealthy kind’ is difficult. Most companies only reveal breaches when regulations require disclosure (typically losses of personally identifiable information) and in Australia, unlike in the US, there is no mandatory disclosure of cybercrime within companies or Government.
Calling for legislation from governments mandating the reporting of cybercrime, Yuval Ben-Itzhak, the chief technology officer of security vendor AVG, explained to ZDNet yesterday that “It’s not interesting for the media if Mr X from down the street was compromised.”
“No-one knows about that person. But suddenly, if there are five thousand people in the city being compromised, well, that’s a story that will get the headlines. And I think it’s for the lawmakers to start to step forward and request reports for these cases.”
Tangible, verifiable costs can be difficult to gauge. However, McAfee suggests that the malware of 2011 is:
Fast spreading—McAfee Labs has detected up to 6 million new botnet infections in a month
Increasing data loss rates—Malicious attacks were the root cause of 31 percent of the data breaches studied in the 2011 Ponemon Cost of a Data Breach Survey, the highest percentage in the study’s five year history
Increasing data breach costs—The average compromised record costs $214, and the average data breach costs $7.2 million
Compliance is in jeopardy—About three-quarters of the companies surveyed by Evalueserve in 2011 said that discovering threats and discovering vulnerabilities were their biggest challenges in risk management
Tax on productivity—Costs average five hours for each IT administrator and user per system reimaged (10 hours total), for an approximate cost per endpoint of $585; at a 5,000 node company, a 1 percent infection rate would equate to $30,000 in cleanup costs
In addition to demonstrating top-level concerns, the eEye Digital Security survey also provided insight into how and where security professionals would bolster their resources if they were to receive a 20 percent increase in their security budgets.
65 percent said they would invest it in security reporting and dashboard technologies
63 percent said they would invest in patch management
60 percent said they would invest in configuration compliance
52 percent said they would invest in additional personnel
39 percent said they would invest in regulatory compliance reporting
Unfortunately, although respondents were decisive when it came to knowing how to invest, many have their hands tied. Despite perceived economic recovery, 57 percent of those polled said their IT security budgets saw no increase in 2011, with only 21 percent receiving an increase and 22 percent actually experiencing a decline.