Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Gartner: Attacks exploit user security indifference

From: InfoSec News <isn () c4i org>
Date: Sat, 4 May 2002 06:22:24 -0500 (CDT)
http://www.nwfusion.com/news/2002/0502gartnersec.html

By David Legard
IDG News Service, 05/02/02

The vast majority of successful attacks on computer systems exploit 
security weaknesses which are well known and for which patches exist, 
according to research company Gartner. 

Many recent cyberattacks could have been avoided if enterprises were 
more focused on their security efforts, but users seem not to learn 
from their mistakes, according to Richard Mogull [cq], research 
director for Gartner. 

Patches were available to protect systems against the Code Red virus, 
but had generally not been deployed, Mogull said. Worse, the Nimda 
virus exploited exactly the same weakness a few months later and was 
still able to cause havoc around the world. Combined losses from the 
two incidents are estimated at running into billions of dollars, 
largely due to user indifference, according to Mogull. 

According to Gartner, the five top vulnerabilities to cyberattacks 
include: 

* Lack of risk management integration. 

* Security not integrated into projects. 

* Poor governance and culture. 

* Weak security of suppliers and partners. 

* No benchmarking on spending and value of security projects. 

* To counter these vulnerabilities, users should take steps including: 

Increasing the enterprise's overall security posture. 

* Developing an internal response plan and aggressively monitor 
  Internet activity on all systems, especially firewall and 
  intrusion detection logs. 

* Evaluating established security plans in light of recent events, and 
  update as needed. 

* Form a cyberincident response team or contracting with an external 
  provider to evaluate systems." 

Through 2005, 90% of cyberattacks will continue to exploit known
security flaws for which a patch is available or a preventive measure
known, Gartner said.

During that time, 20% of enterprises will experience a serious
Internet security incident - defined as one which is more than a virus
attack. Of companies suffering incidents, the cleanup costs of the
incident will exceed the prevention costs by 50%, Gartner said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: