http://bits.blogs.nytimes.com/2009/09/15/security-pros-are-focused-on-the-wrong-threats/

By Riva Richmond
Bits
New York Times
September 15, 2009

Corporate information technology departments are prioritizing the wrong threats to their computer systems, focusing on old problems and leaving their companies open to a raft of new cyberattacks aiming at private customer and corporate information.

That is the finding of a new biannual report from the SANS Institute, a training organization for computer security professionals, whose senior staff weighed two sets of data that have not been rigorously compared to date: data on the most common attacks hitting corporate networks and data on which vulnerabilities are most prevalent on company networks.

TippingPoint, an intrusion-prevention technology company, provided the attack data, collected during its defense of 6,000 organizations during the first six months of the year, while Qualys, a vulnerability management company, provided data on the most common security holes based on its analysis of nine million customer computers.

Looking at the two sets of data together revealed immense shifts in what is getting the attention of today's hackers.

"The bottom line: Two cyber-risks dwarf all others, and users are not effectively mitigating them - preferring to invest in mitigating less critical risks," said Alan Paller, director of research at SANS.

The less critical risks are flaws in the Windows operating system. While these bugs were the No. 1 problem for everyone on the Internet not long ago, times have changed. Thanks to significant security improvements by Microsoft, automated tools for applying its patches and generally good habits within organizations, the operating system is now much harder to hit. As such, hacker interest has waned. Only one major worm, Conficker, circulated in the first half of the year.

Attacks on the operating system accounted for only about 30 percent of the total volume of attack activity on the Internet, and, thanks to patching, probably weren't very successful, says Rohit Dhamankar, director of TippingPoint's DVLabs.

[...]

Received on Tue Sep 15 2009 - 22:32:27 PDT