This week I received the 14th Annual Computer Security Institute’s Computer Crime and Security Survey, Executive Summary. It is a long document with plenty of tables and graphs, along with much IT and information-security jargon that, in reality, only IS professionals fully understand.
However, a few figures on the Types of Attacks Experienced by businesses catch my attention: while some assaults that only technically inclined individuals can perform vary year after year, some that are easier for the average person to understand are worth mentioning.
Exploit of wireless networks dropped considerably, to only 7.6%.
The three most prominent types of “attacks”:
3. Insider abuse of Net access or Email @ 29.7%, down from almost 60% in 2007
2. Laptop/mobile device theft @ 42.2%, down from 50.0% in 2007
1. Malware infection @ 64.3%, up from 52% in 2007 and 50.0% in 2008
How are you protecting your data in these regards?
Are your personnel being trained on, and constantly reminded of, best practices for browsing and Internet use?
Are your portable devices secured through strong authentication and encryption?
Most importantly, what type of malware protection does your business utilize?
Average losses due to these attacks, although lower than the US$345,000.00 in 2007, are still high at US$234,000.00.
I’ve seen companies still using “free” products believing it is cheaper to have these packages instead of proper protection for their assets.
I’m sure yours is not one of them. Is it?