
Daisy, an attacker identified by the CSI
The Computer Security Institute has just released the results of its 14th annual Computer Crime and Security Survey and, as always, there are some interesting findings. This year’s results are based on 443 responses given by information security and information technology professionals in U.S. corporations, government agencies, financial institutions, educational institutions, medical institutions, and other organizations, from the period of July 2008 to June 2009.
A few highlights:
- Average losses resulting from security incidents dropped from $289,000 per respondent last year to $234,244 per respondent this year.
- A third of respondent organizations reported being fraudulently represented as the sender of a phishing message.
- Respondents reported big jumps in the incidence of financial fraud, malware infection, denials of service, password sniffing, and Web site defacement, and significant dips in wireless exploits and instant messaging abuse.
- Financial fraud losses averaged $450,000 per organization that suffered fraud.
- A quarter of respondents believed that more than 60% of their financial losses resulted from non-malicious actions by insiders.
- The largest increases in security technologies used were in anti-spyware software and tools that encrypt data at rest.
- Tools that improve visibility, such as log management tools and security information and event management tools, were high on many organizations’ security wishlists.
- Only 7.7 percent of respondents categorized their organizations as being in the “health services” industry, but 57.1 percent of respondents said their organization had to comply with the Health Insurance Portability and Accountability Act (HIPAA). More respondents said that HIPAA applied to their organization than any other law or industry regulation.
- Respondents generally reported that regulatory compliance efforts have had a positive effect on their organization’s security programs.
For more specifics, check out the free Executive Summary of the Survey that’s available from CSI’s web site. CSI members get a copy of the comprehensive version, and it will be made available to non-members for a fee at some point.