2006 CSI/FBI Survery, Part 2
It would stand to reason that organizations are learning from their past troubles by now. Then why are they getting smacked around by the same old security issues?
In the first part of the look at the 11th Annual CSI/FBI survey, we looked at the makeup of the survey as well as the financial costs of security. In this article we'll look at the nitty-gritty of security and the trends of where things are going.
So, where are things really headed?
The percentage of cybersecurity breaches declined 4 percent from last year. At the same time there was an increase of 7 percent in the number of those that believe no unauthorized access occurred. But while overall attacks dropped, it's interesting to note that for those that reported attacks, the number of those that reported 10 or more has increased over the last 3 years. This makes me wonder if people are paying attention to what causes the attacks and actually dealing with them. At AntiOnline we often see people asking how to deal with attacks and sometimes they are told to just format and start from scratch.
This response isn't really a good one, especially with regards to businesses. It's better to figure out what caused the attack and patch up that hole, whatever that "patch" might be. If we just re-install then the same hole is still open for someone to use and exploit. Sometimes we know about it in advance, for example, Microsoft's recent PowerPoint exploit that was addressed in August even though remained wide open for part of July.
In an interesting twist, while about a third of respondents felt that their threats came from external sources, there was a large portion that felt some aspect of an attack came from internal sources. This belief that attacks are largely internal indicates that things are reverting back to where they were prior to the widespread use of the Internet, which, for a brief period, saw most of the attacks coming from external sources. Additionally, the number of those that didn't know if they were compromised has also consistently decreased as well. This may indicate more knowledge or awareness of security issues.
So, what kinds of attacks are occurring? Viruses top the list at 65 percent. Denial of Service (DoS) attacks have steadily decreased. This may be due to the fact that there is no benefit for most attacker to launching a DoS. It's a bit passe for some and often viewed as "script kiddish" by most. I suspect that many attackers today still desire easy glory, but generally not the kind that is generated by script kiddie behavior. There were minor increases in system penetration, financial fraud and web site defacement.
It was interesting to note that web site defacements had almost 60 percent of respondents reporting 10 or more such defacements. Old habits die hard, apparently. Some companies need to learn from their past mistakes and prevent these simple attacks. As I said earlier, it's not just a matter of putting the site back or reverting to a previous state, but determining how the attack occurred and patching to prevent it from happening again.
Financially speaking, losses decreased. Virus attacks accounted for about $15 million. What I found surprising is that this number should have been dwarfed by the privacy violations that occurred last year. Theft of propriety information was only $6 million and unauthorized access to information was just over $10 million. It was noted that losses due to say negative publicity were likely not included. This would explain why privacy violations didn't amount to more than virus attacks.
Companies are trying to use multiple technologies to protect what it's important. Virus protection and firewalls remain the top tools at 97 percent and 98 percent respectively. I would question how well that virus protection is working since it remains the highest attack source. Something is definitely not configured properly. Perhaps the complacency is that we're so used to viruses we just shrug and let them happen since they are a fact of life in the Windows world. Spyware detection tools have climbed to a healthy third spot but lags behind anti-virus protection. We'll probably see this climb higher next year as new forms of spyware permeates through companies.
This year the survey specifically asked the question of internal and external auditing. While the majority of auditing is done from an internal point of view, some are looking to external sources to perform the audit. It does raise the question that if 70 percent or more of respondents believe that attacks come from internal sources (a varying degree certainly), why would we rely largely on internal sources to perform those audits? It's like believing that security guards for the bank are the ones complicit in a bank heist yet allow them develop plans on how to protect the bank.