
10th Annual CSI/FBI Survey, Part 2

By Lyne Bourque

August 2, 2005

Missed Part 1? Click here. Grab your copy of the report here (registration required).

Cyber Insurance, "Unauthorized Use" and VoIP

For many years, we've used insurance as our safety net for the things that go bump in the physical environment. Lately, however, we've seen an increase in the advocacy of cyber-insurance. It hasn't seen a huge increase but it is starting to make its presence known. This year, 25 percent of all companies are insuring their data against so-called cyber-risks. This would be particularly good for certain banks and their transportation of backup tapes to remote locations.

All of this sets up the foundation for the heart of the survey. That is, where has security gone and what have the bad guys done to us? The numbers for "unauthorized use" seemed to have stayed relatively similar to last year (it went up 3 percent this year from 53 percent to 56 percent), even with a larger survey pool to work with. The percentage of those that didn't know whether they were intruded upon has dropped from 13 percent to 11 percent.

My first thought is to wonder what the respondents believe constitutes "unauthorized use" and how many are aware that they have been broken into. Spyware could be considered unauthorized use since often it collects information without the user's knowledge or consent. What might be worthwhile to add to future studies is to ask about the nature of the violations to systems and/or security policies that may have taken place. As was pointed out by the authors, and validly so, some events such as music downloading may be illegal while others, such as the transmittal of chain letters, may be security policy violations. Perhaps drawing the distinction of how often security policy violations occur compared to actual cyber-violations, and the types of each, might be a worthwhile project for this or other studies.

To help demonstrate that attacks are dropping, we need only to examine the types of individual attacks affecting those that knew they were compromised.

It is interesting to note, however, that 453 out of 700 respondents could identify where the attacks were originating. Does this mean that over 200 couldn't determine the source of the attacks?

The types of attacks across the board went down or were equal to last year's results. There was one notable exception: wireless. And this isn't surprising. Although many companies still don't employ wireless networks, the ease of employees being able to set up their own (most likely to bypass security policies) makes them a prime target.

I was a bit surprised that there exists a category for VoIP attacks. As companies are increasingly deploying the technology for cost-savings and ease of administration, we will probably witness more attacks and variations of the old phracker/phreaker attacks that victimized traditional phone systems.

Defaced

The survey did have an interesting note on Web site defacements. In general, this type of attack has slightly decreased; however, its repeated success has seemingly increased. 95 percent of companies that reported Web site defacements had it occur 10 times or more. The losses for this are relatively low ($115,000 was reportedly lost in this survey group) but I wonder if companies are missing out on the public relations issue that may result from it. Immanuel Kant had it right when he said, "Perception is reality." If companies are viewed as being insecure because of a "mere" website defacement, then it becomes a reality for clients, regardless of whether or not the site hosts important information. The actual cost of fixing a site defacement may be minor for some (revert to backup) but this doesn't address the cause of the compromise.

Web defacements were, by far, the "cheapest" of all the attacks. Leading the pack this year were viruses (this always surprises me when 96 percent of respondents indicate that they implement and use anti-virus products) at $42.78 million.

One thing that isn't evident is whether spyware is being lumped into the virus figures. Additionally, this may be an indication that our existing methods of dealing with viruses -- traditional signature-based tech primarily -- may be no longer adequate. The authors of the survey do point out that the spread of viruses has slowed but anecdotal comments on sites like AntiOnline indicate that responses to infections are sporadic at best. Indeed, disinfecting systems has become a complicated matter in many instances, and rebooting to remove the bugs from memory (like the good old days) is no longer sufficient.

Following in a distant second and third, respectively, are unauthorized access at $31.23 million and theft of proprietary information at $30.93 million. Denial of service dropped substantially.

Wireless abuse, while on the upswing, only represented a mere $554,700 in costs to those institutions. As the only attack that has increased over the previous year (when it was first being registered as an attack vector), it is, at least in a financial sense, a relatively benign attack. It is likely that those being attacked are being used as conduits to gain Internet access rather than specifically targeting the company for nefarious means.

That said, the authors suggested that the reported costs in dealing with these incidents are likely to be more accurate than in previous years since companies are getting better at putting dollar figures on repairs like system rebuilds, restoring from backups and other quantitative measures. What isn't evident, and in all likelihood is missing from the equation, are the intangible effects like damage to PR, the lowering of morale, loss of faith in the IT department, and so forth.

Countermeasures didn't change much compared to previous years. Firewalls and anti-virus software remain the most used safeguards in industry practice today at 97 percent and 96 percent, respectively.

At a distant third are intrusion detection systems (IDS) at 72 percent. Intrusion prevention systems (IPS) dropped from 45 percent to 35 percent, perhaps an indication of a lack of understanding of their role or a simple lack of faith in the technology.

Page 2: Multifactor Authentication and Patching