Trends in security attacks and incidents
IT systems have been under attack since they became connected to the Internet. Indeed, they suffered from insider misuse before then. Many organizations produce regular reports on the threat landscape. We have studied several leading reports and filtered out the key messages that pervade multiple studies. The results will help organizations to prioritize their security activities and determine their optimum budget for IT security.
SUMMARY
Impact
Ovum view
Key messages
THE OVERALL THREAT LEVEL IS STILL GROWING RAPIDLY
Attacks increased by 50% in 2009
Attack types are evolving
Scareware
Targeted attacks
More credential-stealing malware
Social networking attacks
Denial-of-service attacks
Phishing, vishing, and smishing
THE EXTERNAL THREAT IS GREATER THAN THE INTERNAL THREAT
The “internal threat” is often accidental
Verizon Business
Deloitte
Computer Security Institute
The internal threat cannot be ignored
MALWARE INFESTATION AND SQL INJECTION ATTACKS ARE STILL THE BIGGEST THREATS
Don’t neglect the basics
SQL injection remains the number-one threat
DATA BREACHES ARE EXPENSIVE
The cost of a data breach can destabilize organizations of any size
Organizations have capped their incident cost
Ponemon Institute
Computer Security Institute
Deloitte
The methodology exists to quantify the cost of a breach
AWARENESS IS IMPROVING BUT COMPLIANCE LAGS AND RESOURCES ARE STRETCHED
UK consumer awareness is improving
Actions sometimes fall short of words
The failure of companies to comply with PCI DSS is a scandal
AVAILABILITY OF DELIVERY MECHANISMS IS KEY TO HOW THREATS EVOLVE
Attackers are opportunists
SURVEY COMPOSITION AFFECTS NUMBERS BUT NOT UNDERLYING TRENDS
Why are the survey results so different?
What can we learn from the results?
The scope and methodology of the selected surveys
RECOMMENDATIONS
Recommendations for enterprises
Evaluate the threats you face when determining security budgets
Do not underestimate the cost of a data breach
Prioritize defending against the most serious threats
Try to reduce the number of incidents caused by accidental errors
Recommendations for suppliers
Build product offerings around the protection of business processes that are under threat
Support online service providers that are building security services for the SME sector
Be alert to new threats
Alternative views
PCI compliance must be enforced
There is consistency across a broad range of security surveys
APPENDIX
Further reading
Source reports
Related Ovum reports
Methodology
LIST OF TABLES
Table 1: Survey composition