[ISN] Worms whack half of businesses

From: InfoSec News (isn@private)
Date: Tue Mar 22 2005 - 00:12:18 PST


By Robert Lemos 
Staff Writer, CNET News.com
March 21, 2005

Almost half of businesses have had a worm outbreak in the last year,
despite increases in security spending on compliance efforts,
according to a recent survey.

The survey, released Monday by security company Mazu Networks and the
Enterprise Strategy Group, found that almost 75 percent of companies
boosted security spending in 2004 to comply with regulations set by
the Sarbanes-Oxley Act.

Despite those efforts, only 14 percent of respondents said they were
"very confident" that their networks would repel all threats this

"I think this is a bit of a wake-up call," said Tom Corn, vice
president of marketing for Mazu Networks. "Not a lot of folks have
confidence that they have mechanisms and processes in place to protect

The survey, which polled 229 information technology professionals
about their corporate networks, came as another report suggested that
virus writers and online attackers are becoming more focused on using
their skills to earn cash from fraud and identity theft.

The polled IT professionals had a similar story to tell, according to
Corn. "We are starting to see a lot of these threats less for bragging
rights and more about creating armies of system zombies and
bots--there is a strong financial model for that," he said.

About 47 percent of all respondents had a worm infect a company
network in the past year, the Mazu survey found. An eighth of those
businesses had more than 25 percent of their network compromised
during the incident.

However, the worry of worms has not helped close some major
vulnerabilities at the companies, the survey indicated.

Almost 25 percent of all companies had an internal breach in 2004, and
40 percent of those incidents interrupted a critical service.  Almost
half of the IT professionals surveyed found active accounts belonging
to ex-employees, and a third found rogue wireless access points in
their network.

Companies involved in the survey were required to have at least 1,000
employees. They represented more than 18 different industries.

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Tue Mar 22 2005 - 02:32:33 PST