Login, change your address, subscribe to new or manage current magazines or e-newsletter subscriptions
IT World Events
Site Map - Affiliates
ComputerWorldNetwork WorldCIO CanadaCIO Canada Governments' ReviewJobUniverse Canada
Enter your  QUICKLINK number to go directly to that article.
Advanced Search
Knowledge Centres
Content Types
Featured White Papers
Unlock the potential of data with the right data warehouse solutionUnlock the potential of data with the right data warehouse solution
Provided by: IBM
read more
IBM Multiform Master Data Management: The evolution of MDM applicationsIBM Multiform Master Data Management: The evolution of MDM applications
Provided by: IBM
read more
Closing the data privacy gap: Protecting sensitive data in non-production environmentsClosing the data privacy gap: Protecting sensitive data in non-production environments
Provided by: IBM
read more
Yuk it Up
Act to Amend the Copyright Act
Want a copyright law that protects spyware and virus writers? If not, sign our petition to amend Bill C-61
Featured IT Quiz
IT Quiz: Test yourself to see if you have the knowledge to fit into the open source world, and compare yourself with the rest of the respondents
Featured White Papers
This white paper details Intel's current and future energy-saving initiatives to reduce costs and support business goals. Learn how Intel IT is extending its efforts to be a role model enterprise IT organization by supporting the Climate Savers Computing Initiative, which aims to drive a 50 percent reduction in computer-related CO2 emissions worldwide. No registration required.
Sign-Up for
Security
eNewsletter Delivered Weekly
Click here
Page 1 of 2

Zero-day attack tops list of IT concerns

By: Mari-Len De Guzman - IT World Canada  (30 Jul 2007)

Also read and respond to: THE LANDMINE OF P2P FILE-SHARING

Threats posed by zero-day vulnerabilities were ranked by global IT decision makers as their topmost security concern, according to a recent survey by security firm PatchLink.

Fifty-three per cent of respondents put zero day vulnerabilities as the No. 1 security concern, followed by hackers, cited by 35 per cent, and malware and spyware with 34 per cent. PatchLink surveyed 250 of its customers worldwide in June 2007, including CIOs, CSOs, IT directors and managers.

“The prospect of zero-day attacks is extremely troubling for organizations,” said Charles Kolodgy, research director for security products at IDC in Framingham, Mass. “Today’s financially motivated attackers are creating customized, sophisticated malware designed to exploit unpublished application vulnerabilities in specific applications before they can be fixed.”

Many IT departments are spread thin and lack the resources to proactively defend against zero-day threats, and attackers are using this to their advantage, said Kolodgy.

Hackers are also counting on the human element part of the security equation to help them accomplish their attacks, Kolodgy added.

“User behaviour is difficult to control, and many hackers rely on users’ lapses in judgment to carry out their malicious activity,” the IDC analyst said.

Controlling user behaviour was cited by 32 per cent of IT executives as the primary challenge to vulnerability management.

PatchLink also asked IT executives to rank the application that they are most concerned about protecting, and Internet Explorer landed on top cited by 83 per cent of the respondents.

Various Internet security threat reports earlier indicated an increasing trend in attacks targeted towards Web browsers and Web applications, serving as an avenue to gain access to corporate networks.

“Those vulnerabilities are often used in ‘gateway’ attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious attacks can be launched,” according to Symantec’s latest Internet Security Threat Report.

If successful, vulnerabilities in Web browsers and Web applications can enable an attacker to install malware and subsequently gain control of a compromised system.

Page 1 of 2
Send to a Friend  Rate This Page  Print This PageAdd a new comment
Bookmark this article on:
del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!

Have something to say about this article? Add a new comment

If you find a comment inappropriate, You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields



Related Content
Articles

Book Reviews

Special Advertising Partners
IDC Case Study: Identity And Access Management Buying Criteria.
IDC analyses IAM buying criteria and deployment at Coppin State University. Coppin State replaces "first generation" IAM solution to obtain benefits needed for today's agile enterprise: ease of integration, rapid deployment, simplified compliance, flexibility.
White Papers
Closing the data privacy gap: Protecting sensitive data in non-production environments
How can IT organizations protect sensitive data, including employee and customer information, as well as corporate confidential data and intellectual property? Industry analysts recommend "de-identifying" or masking data as a best practice for protecting privacy. This white paper explains the importance of closing the data privacy gap in non-production environments, and provides guidance on effective data masking. Complimentary with registration. Sponsored by IBM.
Unlock the potential of data with the right data warehouse solution
Once you've made the decision to implement a new data warehouse, you want to make sure you choose the one that's right for your organization. This buyer's guide provides checklists for starting points that you can use when evaluating vendors and their products. Complimentary with registration. Sponsored by IBM.
Prepare for a more efficient SAP implementation: Take data issues off the critical path
This white paper outlines how the Preliminary Data Assessment Appliance (PDAA) from IBM can help address the challenges of integrating data from different operational applications across the enterprise to an SAP platform. Complimentary with registration. Sponsored by IBM.
Copyright InformationPrivacy Policy Site MapAbout UsMedia CentreReprint ServicesMobileFeedbackContact Us
PC World CanadaIntergovworld.comIT Vendors DirectoryBio-IT WorldCIO TitlesCMOComputerWorld TitlesCSO
GlossaryDarwinGameProInfoworldGames.netITJobUniverseJavaWorldMacCentral
MacWorldNetwork World TitlesPCWorldPlaylistIDG WorldWide Network
©2008 ITworldcanada.com All rights reserved.