[ISN] Survey finds IT attacks are down, but costly

From: InfoSec News (alerts@private)
Date: Tue Oct 16 2007 - 00:34:39 PDT 

http://www.dailyherald.com/story/?id=56396

By Anna Marie Kukec
Columnist
10/15/2007

About 33 percent of companies said they experienced fewer security 
breaches in their networks in the past year , compared to 42 percent a 
year earlier.

Although the numbers went down, the attacks, whether by viruses, worms 
or malicious spyware, were more damaging, said a report by Oakbrook 
Terrace-based Computing Technology Industry Association.

"The most troubling is the security breaks that have been occurring are 
of a more severe nature," said association spokesman Steven Ostrowski.

This is the fifth year that Comptia has surveyed its membership 
nationwide about security breaches. This latest one had 1,070 
respondents.

Among organizations that reported a security breach in the last year, 
the average severity level was 4.8 on a 10-point scale with 10 as the 
most severe. Severity in the last two years was rated at 2.3 and 2.6, 
respectively.

"It's a mixed blessing," Ostrowski said. "It's good that the number of 
actions are down, but the ones that have been happening have been 
causing more damage."

The survey found that the average cost of a security breach across all 
companies was $369,388. That included a handful of companies who said 
their costs were more than $10 million, reflecting the higher risk that 
larger companies face, the survey said.

About one-half of all respondents estimated that the cost of security 
breaches in the last 12 months was $10,000 or less.

The survey also said that not all security breaches originate 
externally.

Among organizations that experienced a security breach, nearly 1 in 4 
(or 23 percent) indicated that they had an insider security breach or 
threat.

For more information, visit www.comptia.org/sections/research/

[...]


5B
__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com

This archive was generated by hypermail 2.1.3 : Tue Oct 16 2007 - 00:54:40 PDT