By Ellen Messmer | 20 Jan 2012
A survey of 1,425 information technology managers in 32 countries about the type of security they deployed on their network endpoints, as well as security training for employees, indicates that these technology investments paid off in mitigating cyberattacks and downtime.
Those surveyed were asked to detail whether they made use of anti-malware, intrusion-prevention systems, data-loss prevention and firewall protection, plus whether they kept signatures updated on everything from physical desktops and servers to virtual desktops and servers, as well as laptops, notebooks and mobile devices.
The survey also asked how frequently cyberattacks against these endpoints happened over the course of the past 12 months, and in particular, which attacks were successful. A cyberattack was defined as an attack from inside or outside the organization that hit the network, website or physical and virtual computers and mobile devices. These might include viruses, spam, denial-of-service attacks, theft of information, fraud and vandalism.
The outcome, according to the 2012 Endpoint Security Best Practices Survey, conducted by Applied Research(www.a and sponsored by Symantec, shows the top-third tier of companies that had applied higher levels of security protection and employee training experienced two-and-half times fewer cyberattacks, and were three-and-a-half times less likely to experience downtime from them than companies in the lower tier with less applied security.
"We wanted take the pulse and find the correlations in this," says HormazdRomer, director of product marketing at Symantec, who says the survey did not inquire into what vendor products were specifically used but only category types. The companies participating in the survey hailed from manufacturing to high-tech to construction, the financial industry and the energy-production sector, as well as government.
The IT managers responding to the survey said their companies did suffer significant downtime remediating the fallout from cyberattacks. But there was a significant contrast in severity between the top-third tier that had the most security protections in place and the bottom third with far less.
This bottom third over the past 12 months suffered 2,765 hours in downtime, including 859 hours of downtime from cyberattacks that affected smartphones and tablets, 828 hours for desktops and notebooks, 241 hours for servers and 837 hours described simply as "widespread downtime." In contrast, the top-ranked third with the most identifiable security practices suffered a total of 588 hours in all these categories.
On average, the financial consequences of successful cyberattacks over the past 12 months cited by the survey respondents was significant, at an average of $470,000, mainly due to forced dedication of IT personnel to remediate affected endpoints as well as costs associated with loss of customer data and damage to the organization's brand and reputation.
Network World (US)
security Features and Opinions
By | 23 Mar 2012
Distributed denial of service (DDoS) is probably not a good name to use anymore. Its term brings to mind old-school network attacks much in the way Pittsburgh still carries a reputation for being a dirty and smoky city. Neither of these could be further from the true. Both have evolved beyond their original descriptions—Pittsburgh for the better, and DDoS…not so much.
Whether you’re an ISP, a hosting company, a data center operator offering “cloud services,” or all of the above, you are no doubt facing multiple business challenges. Increasing competition; corporate pressure to expand market share, ARPU and profitability; shrinking staff size; and reduced CAPEX/OPEX budgets. Today’s business environment is clearly tougher than ever.
By | 23 Mar 2012
In first nine months of 2014, after 1,922 confirmed incidents, criminals managed to compromise 904 million records. Many of the incidents reported in 2014 were record setting, including twenty of them that resulted in the compromise of more than a million records each.
The agency shut down its unclassified email system and parts of its website on Friday, according to the reports.
By | 23 Mar 2012
A territory-wide cyber security drill, conducted by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council saw HKT’s Business Netvigator pass with flying colors.
Security researchers have discovered a vulnerability in iPhones and iPads that allows attackers to install fake apps that take the place of legitimate ones.