Both internal and external attacks on data security


STRAIGHTTALK IT

Both internal and external attacks on data security are common, but the external threat is significantly greater than the risk from disgruntled employees (74% of attacks were external, according to Verizon Business). The Computer Security Institute (CSI) survey found that 60% of employee-related incidents were due to accident or omission, and only 40% to malicious intent. While employee data theft is common, it is usually limited in extent. Cyber-Ark's survey found that most employees who stole data did so to help in getting a job for themselves or for a friend.

a specific organization. Deloitte reported that 30% of organizations thought they had been specifically targeted in 2009. Attackers are prepared to invest a lot of effort into personalizing attacks on high-value targets to increase their chances of success. Cisco reported that 10% of spam is targeted. The one thing that has changed in the last five years is that the amateur hacker is no longer the problem.

Security incident costs are real

■ Don't dismiss security concerns as hype. Data breaches are very expensive! The Ponemon Institute found that the most expensive attack in 2009 cost $31 million. The CSI found that the average loss for all respondents was $234,000 in 2009. This equates to $450,000 per respondent that had suffered a financial attack.

■ Getting defenses right is more important than rapid response. So-called "zero-day exploits" account for a minority of incidents. Many of the most serious attacks target application vulnerabilities that have been known for years. Patching application vulnerabilities is important, but not urgent – with the possible exception of common system and productivity tools such as Internet Explorer.

■ Conventional malware still poses a serious threat to corporate well-being, and this threat is increasing. Today it is more likely to be downloaded from a compromised or malicious website than to be sent by email, but the impact is the same. In particular, SQL injection attacks on database applications still account for the majority of ser...

This document was uploaded on 12/31/2013.
