June 15, 2004

Businesses trying to improve their Internet security have found that their continued efforts have resulted in much fewer security breaches and incidents of unauthorized computer use, and a noticeable decline in damages from security incidents, a computer security group said in a report released Thursday.

The Computer Security Institute's survey of security professionals at nearly 500 companies found that damages related to cyberattacks declined, reaching about $290,000 per company versus $400,000 per company a year ago.

The report, conducted in cooperation with the FBI, also said respondents thought denial-of-service attacks outpaced intellectual property theft as the most costly type of information threat. Such a shift may indicate that companies are shoring up internal-network defenses, said Robert Richardson, editorial director for CSI and an author of the report.

"If you get more effective in protecting what is inside your networks, then (attackers) have to resort to other things," he said. "One thing you can resort to is denial-of-service attacks."

Unlike thefts, which require an attacker to break into a system, DoS attacks typically involve an online miscreant sending a flood of data to a Web site to prevent others from accessing the site. This is the first time DoS attacks have topped the list of threats.

The survey, which measures responses mainly from information technology managers who work for companies that are CSI members, is considered an indicator of general trends but not a reliable measure of specific detail, said Richardson.

"You have to be careful in general of results of this kind," he said. "It highlights a lot of interesting things, but it also raises questions that can't be answered by the data."

Most companies kept security functions inside the company, with only 12 percent of those surveyed indicating they outsourced more than 20 percent of security procedures.

Larger companies typically benefited from economies of scale and paid less per employee for security, the survey found.

Companies with annual sales of more than $1 billion typically paid a little more than $100 per worker on security, while companies with revenue of less than $10 million spent an average of $500 per worker.

The survey also indicated that more companies are interested in computer security because of new government regulations. The financial, utility and telecommunications sectors believe that the Sarbanes-Oxley Act, which requires a company's executives to be accountable for their financial statements, has resulted in management focusing on information security, Richardson said.

This is the first year that the survey asked companies about the effect of the law.

Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

        

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.