News
News
7/27/2006
02:40 PM
Connect Directly
RSS
E-Mail
50%
50%

Brief: Hacks Decline, Worries Don't

The annual CSI/FBI Computer Crime and Security Survey found a continuing decline in cyberattacks, but says one cause could be the fact that businesses are increasingly unwilling to report security incidents.

For the fourth year in a row, losses due to network compromises and hacker attacks fell, according to the annual CSI/FBI Computer Crime and Security Survey. But analysts say the steady decline isn't cause for celebration. While the dip may partly be due to improved security and greater diligence against attacks, organizations are increasingly unwilling to report compromises or security incidents for fear that could affect their business.

As Gartner vice president Rich Mogull warns, these survey findings should be viewed with "extreme skepticism."

The CSI/FBI survey found that two-thirds of all attacks are external, mostly financial fraud (spam and phishing) and unauthorized access to information (hackers breaching security and malware infections that transmit data outside a company).

What's especially worrisome is that hackers are co-opting automated penetration testing tools to find previously undiscovered vulnerabilities, according to a report issued by Secure Computing. Tools such as Core Security Technologies' Impact and the open-source Metasploit Project use a process called "fuzzing" to brute-force applications to quickly find vulnerabilities. Take the Metasploit Project, which was able to announce a new Microsoft Internet Explorer vulnerability daily in July.

External threats are keeping security managers awake at night, but that may be changing. Security vendor Utimaco Software's survey of 400 IT security experts found that 61 percent say guarding against internal security threats is a growing concern. Chief on their priorities lists: 77 percent say "securing mobile end devices and central IT security administration are the major challenges in protecting company data."

Although guarding against internal security breaches may spell an opportunity for security VARs, that isn't opening security managers' budgets. The Utimaco survey found only 25 percent are increasing spending to thwart inside breaches.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.