Cyberattacks exploit user security indifference

The vast majority of successful attacks on computer systems exploit security weaknesses which are well known and for which patches exist, according to research company Gartner Inc.

Many recent cyberattacks could have been avoided if enterprises were more focused on their security efforts, but users seem not to learn from their mistakes, according to Richard Mogull, research director for Stamford, Conn.-based Gartner.

Patches were available to protect systems against the Code Red virus, but had generally not been deployed, Mogull said. Worse, the Nimda virus exploited exactly the same weakness a few months later and was still able to cause havoc around the world. Combined losses from the two incidents are estimated at running into billions of dollars, largely due to user indifference, according to Mogull.

According to Gartner, the five top vulnerabilities to cyberattacks include:

– lack of risk management integration

– security not integrated into projects

– poor governance and culture

– weak security of suppliers and partners

– no benchmarking on spending and value of security projects

To counter these vulnerabilities, users should take steps including:

– increasing the enterprise’s overall security posture.

– developing an internal response plan and aggressively monitor Internet activity on all systems, especially firewall and intrusion detection logs

– evaluating established security plans in light of recent events, and update as needed.

– form a cyber-incident response team or contracting with an external provider to evaluate systems.”

Through 2005, 90 per cent of cyberattacks will continue to exploit known security flaws for which a patch is available or a preventive measure known, Gartner said.

During that time, 20 per cent of enterprises will experience a serious Internet security incident – defined as one which is more than a virus attack. Of companies suffering incidents, the cleanup costs of the incident will exceed the prevention costs by 50 per cent, Gartner said.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now