Gartner: Attacks exploit security indifference
By David Legard (IDG) -- The vast majority of successful attacks on computer systems exploit security weaknesses that are well known and for which patches exist, according to research company Gartner. Many recent cyberattacks could have been avoided if enterprises were more focused on their security efforts, but users seem not to learn from their mistakes, according to Richard Mogull, research director for Gartner.
Patches were available to protect systems against the "Code Red" worm, but had generally not been deployed, Mogull said. Worse, the "Nimda" virus exploited exactly the same weakness a few months later and was still able to cause havoc around the world. Combined losses from the two incidents are estimated at running into billions of dollars, largely due to user indifference, according to Mogull.

According to Gartner, the five top vulnerabilities to cyberattacks include:

- Lack of risk management integration.
- Security not integrated into projects.
- Poor governance and culture.
- Weak security of suppliers and partners.
- No benchmarking on spending and value of security projects.

To counter these vulnerabilities, Gartner says users should take steps including:

- Increasing the enterprise's overall security posture.
- Developing an internal response plan and aggressively monitoring Internet activity on all systems, especially firewall and intrusion detection logs.
- Evaluating established security plans in light of recent events, and updating them as needed.
- Forming a cyber-incident response team or contracting with an external provider to evaluate systems.

Through 2005, 90 percent of cyberattacks will continue to exploit known security flaws for which a patch is available or a preventive measure known, Gartner said. During that time, 20 percent of enterprises will experience a serious Internet security incident -- defined as one which is more than a virus attack. Of companies suffering incidents, the cleanup costs of the incident will exceed the prevention costs by 50 percent, Gartner said.

David Legard is a Singapore correspondent for the IDG News Service, an InfoWorld affiliate.
© 2003 Cable News Network LP, LLLP.