75% of Enterprises Have Suffered Cyber Attacks, Costing $2M+ On Average

CmdrTaco posted more than 4 years ago | from the that's-a-lot-of-green dept.

Businesses 81

coomaria writes "OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that's still one heck of a statistic. The fact that it's Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: 'every enterprise, yes, 100 percent, experienced cyber losses in 2009.'"

81 comments

I'm shocked (4, Insightful)

Dunbal (464142) | more than 4 years ago | (#31229050)

This is like the MPAA/RIAA claiming that "piracy" is costing their respective industries "billions" of dollars. Seriously - if you can't spot the conflict of interest you need to turn in your critical thinking hat.

This is just marketing to increase sales of their "security" products. In fact if you go to the actual PDF linked to in the article it looks suspiciously like a sales brochure, presenting the "problem" and at the end showing how Symantec is the "solution".

Re:I'm shocked (1, Funny)

Anonymous Coward | more than 4 years ago | (#31229074)

I'm sure this is part of the anti-China propaganda campaign.

Re:I'm shocked (4, Insightful)

Lumpy (12016) | more than 4 years ago | (#31229472)

They claimed it hard enough that analog HD is dead at the end of this year.

Because they scream louder than everyone else they get all the attention.

This screaming about how EVERYONE has suffered losses will be used to force through more draconian laws.... because nobody in the tech field is screaming back.

Re:I'm shocked (2, Insightful)

Tim C (15259) | more than 4 years ago | (#31230414)

nobody in the tech field is screaming back

Why would they? As long as it doesn't cost them anything, it's not their fight. (Licensing costs, etc are passed directly on to the consumer)

In fact otherwise working kit being obsoleted is good for the industry, as it helps drive sales of the new kit.

Re:I'm shocked (3, Insightful)

suomynonAyletamitlU (1618513) | more than 4 years ago | (#31229550)

This is just marketing to increase sales of their "security" products.

The reason conflict of interest is a problem is because we don't know whether it is "just" marketing or not.

It's clearly marketing; whether it's true or not is a completely independent matter. Unless you have data which shows something to the contrary, don't dismiss it out of hand, just like you (clearly) don't accept it on their word.

Re:I'm shocked (3, Informative)

Dunbal (464142) | more than 4 years ago | (#31230020)

Unless you have data which shows something to the contrary, don't dismiss it out of hand, just like you (clearly) don't accept it on their word.

      On the contrary, we live in an age where moral decadence is rampant even among professionals. Where well known drug companies create sock puppet "peer reviewed" magazines, with the sole purpose of "publishing" favorable studies for their drugs. Where "climate experts" leave out any inconvenient truth that contradicts the trend they are trying to "prove". Where "expert witnesses" in court turn out to be frauds and lie under oath.

      No, today is a time when you must especially dismiss reports like this out of hand. And there are several reasons:

      I doubt the CEO of any company would proudly announce how much money his company "lost" due to "cyber-attack" (yes look at us we're vulnerable/we're idiots!). It's none of Symantec's business.

      Their categories are meaningless. Please explain the difference between Cyber-attacks, "Traditional criminal activities" and (of course it had to be there) "terrorism"? These are all separate categories according to their survey. Apparently 10% of all companies surveyed have been the victims of "terrorism". This does not correlate well with, say, the evening news.

      They claim that on average companies are losing $2 million per year EACH. Yet the majority of companies (71%) are experiencing "no cyber attacks" or "just a few cyber attacks". Clearly these tiny attacks must be devastating.

      Another section claims that 29% of respondents claim "significant" or "slight" increase in "attacks" in the past year. What they leave out is that this means 71% of respondents think there is "no increase" or some sort of "decrease". Oops.

      Frankly, if you don't know how to think, you get swindled by lies like this. Symantec is out to sell "security" and in order to do that, they are willing to make you think that they are the only ones who can prevent your business from being ruined ($2 million dollars/year/large enterprise, or at least that's how they want it to sound) and that you are surrounded by enemies.

Re:I'm shocked (1)

AlamedaStone (114462) | more than 4 years ago | (#31233842)

I consider this news item completely closed after reading your post. What more is there to say?

Thanks.

Re:I'm shocked (1)

suomynonAyletamitlU (1618513) | more than 4 years ago | (#31238844)

No, today is a time when you must especially dismiss reports like this out of hand. And there are several reasons:

I agree with your reasons but I disagree with your premise, and that's actually my point. "Out of hand" means "without looking into the facts of the case," which you clearly have done, based on your comments.

Read it, then punch holes in it, not the other way around. Preferably, punch holes in it in a very public, very verifiable way, so that they look like friggin' idiots and get taken to task by stakeholders, law enforcement, and others in the industry.

Re:I'm shocked (1)

mjwx (966435) | more than 4 years ago | (#31240348)

Where "climate experts" leave out any inconvenient truth that contradicts the trend they are trying to "prove".

Where people look to tabloids for their "facts".

Re:I'm shocked (1)

flyneye (84093) | more than 4 years ago | (#31229634)

The analogy that came to my mind was an insurance salesperson citing lies, damned lies and statistics as part of their pitch.
  If it sounds too rich to be true, it likely is, further, I wouldn't put it past A.V. and computer security companies to have closet employees actually writing malicious code. Google "mud farming".

Re:I'm shocked (1)

cusco (717999) | more than 4 years ago | (#31234424)

Actually they do have people on staff writing virus code to exploit known attack vectors, and they have since the 1990s. It's how they check for zero-day exploits and see if their heuristics programming is working.

I think you meant to include something about releasing that work into the wild. I doubt the company itself would do it (imagine the liability suits if it took out critical infrastructure), but wouldn't be at all surprised to see some of the individual researchers take their work home to sell.

Re:I'm shocked (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#31229686)

if you can't spot the conflict of interest you need to turn in your critical thinking hat.

That would be the Black hat [wikipedia.org]. Ironically, those are the perpetrators of the cyber attacks!

Re:I'm shocked (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31230062)

so Symantec compiles a report from the businesses which use its product and claim 100% have had a cyber loss, how is this a good thing for Symantec? Reading it makes me realize and affirms how useless of a product they make. They will blame it on users but then I would ask what use is their product? Or any other security product currently being marketed out there, if user education is the best prevention, I wonder why we would still need them.

Re:I'm shocked (1)

Dunbal (464142) | more than 4 years ago | (#31230140)

so Symantec compiles a report from the businesses which use its product and claim 100% have had a cyber loss, how is this a good thing for Symantec?

      Good one. That is waaaayyy over the head of the marketing people who created er sorry compiled this "report"...

2 mill avg (0)

Anonymous Coward | more than 4 years ago | (#31230724)

just who are they paying to fix shit ...ballmer or gates in the flesh?
no back ups?
no images for the box

STUPID ADMINS AND COMPANIES ON NOTICE YOU DESERVE IT THEN

Re:I'm shocked (1)

dave562 (969951) | more than 4 years ago | (#31233612)

The problem is real. Windows boxes are inherently insecure and are frequently being exploited. Symantec is one of the many vendors selling mitigation tools. We use Symantec here, both Endpoint Protection and the Exchange scanning component. It's surprising how many viruses make it through Postini/Google but end up getting caught by Symantec when they come through the front-end server.

Everyone knows that anti-virus is last line of defense, and often an only sometimes effective one. Most of the malicious code is coming in through the web these days, so a product like Websense is a better investment than client AV. In a perfect world you want both, plus some sort of IPS/IDS and gateway AV built into the firewall.

To say that Symantec is scare mongering to create a market that wouldn't otherwise be there is just FUD. There isn't a conflict of interest there. They are selling a product that addresses a real problem.

Now if they were selling Symantec AV for Ubuntu desktop, they might be blowing smoke. That isn't what they are doing. Windows = Big Fat Target for malware.

Original report... (1)

Anonymusing (1450747) | more than 4 years ago | (#31229058)

...is here [symantec.com] .

Re:Original report... (3, Interesting)

Anonymusing (1450747) | more than 4 years ago | (#31229114)

Oh, for crying out loud. The report PDF [symantec.com] isn't even searchable: every page is a solid bitmap graphic.

Can anyone tell me what a "brand-related risk" might be for security professionals (see page 6). Do they mean corporate espionage? Or has the CTO threatened to use red-hot irons on the I.T. staff?

Re:Original report... (5, Insightful)

Dunbal (464142) | more than 4 years ago | (#31229140)

Can anyone tell me what a "brand-related risk" might be for security professionals

      Presumably that would be "not buying Symantec security products".

Re:Original report... (0)

Anonymous Coward | more than 4 years ago | (#31230058)

I'm pretty sure it means "loss of confidence in our brand by customers or business partners [because we didn't buy enough Symantec security products]."

Re:Original report... (3, Informative)

codegen (103601) | more than 4 years ago | (#31230294)

Brand related risk is risk to your reputation that damages your "Brand". They are talking about enterprise level IT. So you are working for some large company such as WalMart or Microsoft or IBM. Examples might be defacing the website, or stealing customer information. A more subtle attack may be to change the price in a database indicating a sale that doesn't really exist. Too many customers buy the product and you have to backtrack on the price and cancel orders. This would damage your reputation. Or many others... Of course, the implication is that Symantec Security products would prevent such events.

Re:Original report... (1)

Anonymusing (1450747) | more than 4 years ago | (#31231044)

"Examples might be defacing the website, or stealing customer information. A more subtle attack may be to change the price in a database indicating a sale that doesn't really exist."

I understand your explanation (and it's a good one) but wouldn't your examples fall under the "cyber attacks" category on that same chart?

Re:Original report... (0)

Anonymous Coward | more than 4 years ago | (#31233652)

Yes, and no. The losses from cancelled orders count as "cyber attack damage". But the damage to your reputation does not. Someone might never shop at WalMart again if they back track. This is a "lost sales" figure, just like the ??AA's. They're notoriously hard to calculate (especially since most people aren't going to write you to say they aren't going to do business with you), but you can be sure that there are "some" losses.

Re:Original report... (1)

codegen (103601) | more than 3 years ago | (#31244014)

Exactly. Some brands are more easily quantified such as the brands in niche product markets or service markets, while more general brands such as WalMart are much harder to quantify.

What's cheaper? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31229082)

A proper security auditing team or a loss here and there?

Business as usual - avoiding costs because their financial losses are smaller and/or deductible.

Full Text (3, Informative)

Archon-X (264195) | more than 4 years ago | (#31229088)

'Article' is at best 3 paragraphs, poorly written, with advert popups.
For those who are interested, original text below.

Wow. That's quite a statistic, but there it is in front of me jumping off the pages of the latest global State of Enterprise Security study from Symantec. The two lines shining so brightly and grabbing my attention read "75 percent of organizations experienced cyber attacks in the past 12 months" and "these attacks cost enterprise businesses an average of $2 million per year". I'll say it again, wow!

Maybe that is not so surprising when you consider that the report states that every enterprise, yes 100 percent, experienced cyber losses in 2009. The top three losses being intellectual property theft, customer credit card data theft and the theft of other personally identifiable customer data. These losses translated into a financial cost 92 percent of the time mainly in terms of productivity, revenue, and tanking customer trust.

Of course, as I have said before the math is always hard on the brain when you read these reports. That 75 percent figure is revealed immediately after we are informed that apparently 42 percent of organisations consider that security is the number one consideration for their business, beating off competition from such things as natural disaster and terrorism and traditional crime. In fact, it is a bigger concern than all three of those things combined. The disparity between the two could, of course, be partly down to another revelation in the report: enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues.

When it comes to understaffing, network security is the biggest problem for 44 percent of those responding, with endpoint security sharing the honours also on 44 percent. Then there are the initiatives that IT rated as most problematic from a security standpoint, which include infrastructure-as-a-service, platform-as-a-service, server virtualisation, endpoint virtualisation, and software-as-a-service. And not forgetting compliance, with your typical enterprise having to explore no less than 19 separate IT standards or frameworks and employ around eight of them.

"Protecting information today is more challenging than ever" said Francis deSouza, senior vice president, Enterprise Security, Symantec Corp. "By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today's information-driven world."

Re:Full Text (4, Insightful)

zappepcs (820751) | more than 4 years ago | (#31229166)

And you might have heard on the commercial, 1 out of 4 women can't read a pregnancy test, so they made it easier to read. I'm pretty tired of advertising and mock white papers making it out like we're all stupid. Using Symantec security products won't make your business decisions smarter. What it will do is ensure that your minimum spending on security products is done with Symantec. A real white paper on security would have shown all options, and compared them to each other so you can not only make a decision to use security products and why you would do so, but which one suits your needs best.

I think I'm at the point where if the ad, paper, or whatever describes me or other users or the demographic they are after as stupid, I will just shitcan it on principle.

Re:Full Text (0)

Anonymous Coward | more than 4 years ago | (#31230352)

You're only at that point now? I remember being shocked that anyone would ever buy a "for dummies" years ago.

Re:Full Text (3, Interesting)

tomhudson (43916) | more than 4 years ago | (#31229408)

And of course security is not something you can buy, any more than trust.

With that in mind, here's a stat that Symantec doesn't want you to know:

100% of the companies that depend on Symantec to make them secure are vulnerable.

Re:Full Text (1)

Comboman (895500) | more than 4 years ago | (#31229820)

Maybe that is not so surprising when you consider that the report states that every enterprise, yes 100 percent, experienced cyber losses in 2009. The top three losses being intellectual property theft, customer credit card data theft and the theft of other personally identifiable customer data. These losses translated into a financial cost 92 percent of the time mainly in terms of productivity, revenue, and tanking customer trust.

I wonder what percentage of these "cyber" losses were the result of an employee losing a laptop/USB key rather than an actual internet-based cyber attack. Not that losing a laptop isn't still a problem; it just isn't a "cyber" problem (they could just as easily have lost a briefcase full of paper files with customer data on them).

symantec (3, Insightful)

the_Bionic_lemming (446569) | more than 4 years ago | (#31229100)

Just having and paying for symantec is a cyberloss, and that's before a cyber attack!

Re:symantec (1)

gmuslera (3436) | more than 4 years ago | (#31229340)

Just having to pay and maintain an antivirus for all/most computers in a company is a cyberloss. The cyberattack that caused it comes from the 80's.

Re:symantec (4, Funny)

Coopjust (872796) | more than 4 years ago | (#31229342)

I think Symantec should detect their own product as Trojan.Symantec.

Seriously, Symantec and McAfee applications are more ill behaved with system resources than most viruses.

Hardly (4, Funny)

RMH101 (636144) | more than 4 years ago | (#31229106)

Aw, c'mon. We've not spent nearly $2M on Symantec licences here, and I'd hardly call their sales pitch a cyber attack.

I'm here all week, try the veal

"a double-heck with knobs on" (4, Funny)

circletimessquare (444983) | more than 4 years ago | (#31229110)

i'm not familiar with that metric. could you convert that into libraries of congress?

Re:"a double-heck with knobs on" (3, Funny)

wintercolby (1117427) | more than 4 years ago | (#31229206)

I'm afraid it can only be represented in negative LoC's as it's an extra spammy article, referencing a sales brochure for Symantec. 10 brain cells were completely wasted in reviewing TFA, as well as 3 mouse clicks to close out the full screen ads.

Advertising as journalism, on slashdot (3, Informative)

Jawn98685 (687784) | more than 4 years ago | (#31229192)

Sorry guys, but this crap is a complete waste of my time.

Here's why it's not. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31229286)

You're seeing all of the counter arguments against the sales pitch. So now, when the sales people come in, you can either decimate their argument or decimate their argument with your boss.

Other vendors will still use the BS to sell their horseshit and you will have a ready arsenal of things to consider so you won't fall for their crap.

See? You and your peers get to tackle salesmen BS together.

Think of it as techie How Tos for sales people.

Are you high? (0)

Anonymous Coward | more than 4 years ago | (#31229964)

So now, when the sales people come in, you can either decimate their argument or decimate their argument with your boss.

"Your boss" most of the time is not a technical person, and is also answering to his even more non-technical higher ups in the corporate management chain. So given the suits, who are they going to listen to? The slick, corporate-speak piece promising warm fuzzy security by a recognizable industry name, or the unknown neckbeard working in the NOC that spends his spare time compiling kernels? Suits want the illusion of security, and when stuff breaks are going to blame YOU, not the fellow suits at Symantec. TFA is not written for tech folks, they're written for people who make purchasing decisions.

Define "cyber attack". And don't use average (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31229296)

Connect any web server to the internet and you'll see tons of connections from botnets trying randomly to exploit various old vulnerabilities. Technically, these are attacks, though you don't need to worry about them if you're patched up.

So is this saying anything more than 75% of enterprises have a web server?

And the average cost is a meaningless number, since averages are swayed by outliers. If you wanted a good statistic for this, you'd use the median. Alternatively, compute the average of (cost of attack / yearly revenue).

Re:Define "cyber attack". And don't use average (1)

mpe (36238) | more than 4 years ago | (#31229552)

Connect any web server to the internet and you'll see tons of connections from botnets trying randomly to exploit various old vulnerabilities. Technically, these are attacks, though you don't need to worry about them if you're patched up.

A fair proportion might not have done much even if you were not "patched up", since they never targeted the web server you are running. The actual real risk is that they could operate as a DDOS. Either to the webserver or whatever "security software" you put in front of it. The latter could even be less able to cope with the situation.

Re:Define "cyber attack". And don't use average (1)

Quantumstate (1295210) | more than 4 years ago | (#31234066)

The mean average is strongly affected by outliers but the median average is not. Generally the median average is the most useful for these kind of figures. I would guess the mean has been used but it seems to be very rare that you are told which average was taken.
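The mean-versus-median point raised in this thread, worked through as an added example (not part of any commenter's post and not taken from the Symantec report): ten constructed respondents whose losses average exactly $2M although nine of them lost far less. All figures and the `summarize` helper are assumptions invented for illustration.

```python
from statistics import mean, median

# Constructed sample: (annual_loss_usd, annual_revenue_usd) per respondent.
# These numbers are invented; they only illustrate a heavy-tailed survey.
SURVEY = [
    (20_000, 50_000_000),
    (35_000, 80_000_000),
    (50_000, 120_000_000),
    (60_000, 200_000_000),
    (75_000, 150_000_000),
    (90_000, 300_000_000),
    (120_000, 400_000_000),
    (150_000, 600_000_000),
    (400_000, 1_000_000_000),
    (19_000_000, 40_000_000_000),  # one very large outlier
]


def summarize(records):
    """Return the statistics discussed in the thread for (loss, revenue) pairs."""
    if not records:
        raise ValueError("no respondents")
    if any(revenue <= 0 for _, revenue in records):
        raise ValueError("revenue must be positive to normalise losses")

    losses = sorted(loss for loss, _ in records)
    total = sum(losses)
    avg = total / len(losses)
    return {
        # The headline figure: pulled upward by the largest respondent.
        "mean": avg,
        # What a typical respondent lost.
        "median": median(losses),
        # Fraction of all reported losses that comes from the single largest one.
        "top_share": losses[-1] / total,
        # How many respondents lost less than the "average" loss.
        "below_mean": sum(1 for loss in losses if loss < avg),
        # The alternative suggested above: average of (cost / yearly revenue).
        "mean_loss_to_revenue": mean(loss / rev for loss, rev in records),
    }


if __name__ == "__main__":
    for name, value in summarize(SURVEY).items():
        print(f"{name:>22}: {value:,.6f}")
```
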

Spam (3, Insightful)

Alcimedes (398213) | more than 4 years ago | (#31229370)

Sweet, the first article that was so bad I just tagged it as spam. I'd worry about the future but the filters on the /. editors have been crap for years, surprised there aren't more of these.

I'd be surprised if it's anything less than 100% (5, Informative)

jimicus (737525) | more than 4 years ago | (#31229410)

I seriously doubt Symantec are only counting "concerted attacks from a single original with a specific target in mind". More likely they mean "opportunistic attacks".

So, to /., I say:

  • Raise your hand if your company consists of more than a handful of people.
  • Keep your hand up if your company has an internet connection.
  • Keep your hand up if you roll out managed AV software to all desktops and monitor it religiously (including checking for PCs which haven't been seen in a while).
  • Keep your hand up if every PC and every server has a full-blown firewall running locally which blocks all incoming traffic except for what you know for a fact you need.
  • Keep your hand up if you filter spam (either yourself or through a third-party service).
  • Keep your hand up if your filter successfully excluded 100% of all phishing and trojan-link-spreading emails over the last year.
  • Keep your hand up if your web access is filtered on a default-deny basis (ie. staff can only access pre-approved sites).
  • Keep your hand up if your web access is through a proxy which blocks the download of executables, ActiveX, Adobe PDFs, encrypted files (who knows what's in them?) and JavaScript.
  • Keep your hand up if you update all your PCs (including laptops, even if offsite) within 24 hours of the discovery of any security flaws in client software.
  • Keep your hand up if your switches only allow connections from pre-allowed MAC addresses.
  • Keep your hand up if you have done all of the above and still your staff are happy with the service you provide and don't try and work around you at every opportunity.

Those of you who still have your hand up, well done. You've done just about all that is possible to secure your network short of giving everyone dumb terminals and your internal customers are delighted with everything you do.

Everyone else will see an attack from time to time. The whole point of security is you have several layers so any attack won't get far.

Re:I'd be surprised if it's anything less than 100 (2, Interesting)

postbigbang (761081) | more than 4 years ago | (#31230422)

Were it that easy.

Sadly, you can get smashed by the zero-days, the rootkits from hell, the flash-drive-dummies, Mr or Ms I-Don't-Get-Paid-Enough, the supposed 100% spam killing filters, and so on.

Yes, we try. And your concept of filtration via layers works for many types of attacks and security failures. But nothing is foolproof because fools are so ingenious.

This isn't to justify Symantec's latest PR attempt, just to remind you that while you look organized, something's sneaking up behind you.

Re:I'd be surprised if it's anything less than 100 (1)

losfromla (1294594) | more than 4 years ago | (#31231420)

I believe your entire argument was covered in the last bullet.

Re:I'd be surprised if it's anything less than 100 (1)

postbigbang (761081) | more than 4 years ago | (#31231592)

My point exactly. Welcome to the perfect world.

Re:I'd be surprised if it's anything less than 100 (1)

A non-mouse Coward (1103675) | more than 4 years ago | (#31232588)

And you both totally forgot about Mr or Ms I-write-my-password-on-a-sticky-note, plus all of the other identity management disciplines, like preventing a socially engineered password reset call to the help line, etc.

Re:I'd be surprised if it's anything less than 100 (1)

Moheeheeko (1682914) | more than 4 years ago | (#31233224)

I agree in every way with you. What people who don't work in the industry don't understand, is that most users are stupid. I work at a university where some professors don't know how to get to their email unless there is an icon on the desktop. I'm sure a few of them thought they had a long lost relative die and leave them money somewhere a few times. In short, why do so many companies get attacked? PEBKAC.

robbIE may not be a(n) astro/geo physicist.... (0)

Anonymous Coward | more than 4 years ago | (#31229420)

butt he remains handy with the delete button.

it makes no sense to delete the stuff we posted today,,, rob? carry on.

Cyber (1, Funny)

Anonymous Coward | more than 4 years ago | (#31229426)

I must verify the claims made in the summary: my workplace suffered severe cyber losses during 2009.

Thankfully, we'd prepared for this, and had ordered in cyber ahead of time so the supply of cyber was not interrupted. (Sadly, we were not as quick to deal with the Y2K bug and, as a result, we incurred almost complete loss of all our cyber.)

Which Enterprises are being counted? (5, Funny)

Colonel Korn (1258968) | more than 4 years ago | (#31229562)

By my count (of Wikipedia), there are 2 Enterprises from the Continental Navy, 6 from the US Navy, 1 balloon, 1 space shuttle, 1 training ship, and 8 starships that are worth counting, for a total of 19 Enterprises. If 75% have suffered major cyber attacks and we round down, we have 14 cyber-victims.

Here's where it gets weird. Clearly the 8 starships are attackable in the computerized sense. That leaves us with 6 other hackable Enterprises. Most likely 1 is the space shuttle, 1 is the training vessel, and 1 is the contemporary aircraft carrier. But that means 3 more Enterprises were cyber-violated out of a pool containing a balloon used during the Civil War and 5 US Navy ships decommissioned between 1823 and 1947.

This seems to be proof of a pre-modern technological underground. Or time travel.

Re:Which Enterprises are being counted? (2, Funny)

Ukab the Great (87152) | more than 4 years ago | (#31229738)

The Federation needs more H1B visas so they can outsource security from Qu'onos. Plus, they can pay them less as long as they offer free Bloodwine as a perk.

you insensitive wclod! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31229628)

sysmantec is bad luck (0)

Anonymous Coward | more than 4 years ago | (#31229654)

me thinks that maybe sysmantec is bad luck

statistics (0, Troll)

binaryseraph (955557) | more than 4 years ago | (#31229704)

75% of statistics are made up 48% of the time. -- time to troll me!

Sysmantec is bad luck (1)

OMFG it's Rici (1564141) | more than 4 years ago | (#31229844)

I think that sysmantec might be bad luck. Hell if every company they interview has been victim to some kind of cyber attack I don't want to be interviewed by them. I mean they look like the Jessica Fletcher of IT.

Actually Only 25% (2, Funny)

Anonymous Coward | more than 4 years ago | (#31229846)

This article severely overestimates the impact of cybernetic attacks. According to my count, the borg only invaded 25% of starship enterprises, excluding those existing in alternate timelines/realities.

Internal attacks (1)

jbeaupre (752124) | more than 4 years ago | (#31229940)

We've suffered from several internally launched attacks. Weird stuff too. Raid arrays reporting bad disks, server DOS, server files altered preventing reboot. Under linux too.

Oh wait, that would be me using a cheap raid card, forgetting I'd set the firewall to deny any network access (did it during pre-production testing), and plain vanilla upgrading.

Sorry. Sometimes it's hard to distinguish attacks from f$%#-ups.

gentlemen (1)

nimbius (983462) | more than 4 years ago | (#31230050)

I renew my call to action. now is not the time to debate better security through "operating systems" or "best practices" but instead to focus on the matter at hand: we have not purchased enough symantec products this year.

seriously. a security company that finds a hellacious influx of cyber attacks is not news, it's advertisement. it's only sixteen pages long, page 1 is a pretty girl, and the last page is a summary of...oh imagine that, links to the product the company is selling and not independent citations.

I call BS (1)

pooh666 (624584) | more than 4 years ago | (#31230068)

100% and no big surprise it is that high. I am sure they defined "attack" as something with some level of sophistication, but the only level it takes is the level that gets in. Which isn't often very high.

Definitions (1)

iateyourcookies (1522473) | more than 4 years ago | (#31230128)

If you insist on the definitions and choices used in the report then no, I'm afraid this is not really a very exciting statistic at all.

From page 5:
"Security risks" ranked by importance, by IT Managers:

Cyber Attacks - 42%
Traditional Criminal Activity - 17%
Brand related events - 17%
Natural Disasters - 14%
Terrorism - 10%

So IT Managers are mostly concerned with threats to computers? Colour me surprised.

Confused (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31230268)

So, let me see, this is an enterprise (Symantec) responsible for enterprise security saying that enterprise security is crap.......which means that they (Symantec) are not doing too good a job which is something that everyone already knows. Hmmm, nothing to see here, move along.

Strange... (1)

Yaa 101 (664725) | more than 4 years ago | (#31230464)

I did not suffer 1 dime because of this, maybe they come to 100% because they only asked their own clients.

It shows 2 things: first, they asked very selectively (they didn't ask me, for instance), and second, it shows how inherently insecure their products are (I am not their client and suffer no problems).
Not that Norton or any other so-called security solution can save people from making bad security decisions; if you make the right decisions then you don't need their products in the first place.

My opinion is that managers who connect critical infra to internet instead of private networks should at least be jailed for 5-10 years.

Re:Strange... (1)

Yaa 101 (664725) | more than 4 years ago | (#31230490)

correction:

My opinion is that managers who connect critical infra to internet instead of private networks should at least be jailed for 5-10 years.

should be:

My opinion is that managers who connect critical infra to internet instead of redundant private networks should at least be jailed for 5-10 years.

It's American Marketing only, not reality (0)

Anonymous Coward | more than 4 years ago | (#31230474)

It's only marketing, they never go to the true causes and solutions that don't include them, they don't even mention viruses, etc. The poorest study I had read.

Not new (1)

jellomizer (103300) | more than 4 years ago | (#31231720)

Well we have...
NX-01 (I am sure some alien has gotten into their computer)
NCC-1701 (I am sure some alien has gotten into their computer)
NCC-1701-A (Hacked by a Rogue Vulcan)
NCC-1701-B
NCC-1701-C
NCC-1701-D (Hacked by the Borg)
NCC-1701-E (Hacked by the Borg)
So I have 71.5% However I haven't read any expanded universe stuff...

Re:Not new (1)

Microsift (223381) | more than 4 years ago | (#31232260)

Assuming nominal inflation between now and even the earliest version of the Enterprise's creation, $2 million sounds trivial.

Wessels (1)

etherlad (410990) | more than 4 years ago | (#31231974)

I think the more alarming statistic is that 75% of Enterprises have suffered Klingon attacks.

Makes you realize (1)

hesaigo999ca (786966) | more than 4 years ago | (#31232158)

Makes you see just how much of a problem we do have, when we know that 100% of companies that are attacked, suffer serious losses, you would think the DoD or what not would try to implicate themselves a little more, or which org. would need to be so?

ships named Enterprise (1)

tverbeek (457094) | more than 4 years ago | (#31232216)

How much is that in Federation Credits?

I should say "see? told you!" (1)

Opportunist (166417) | more than 4 years ago | (#31232756)

It would certainly be in my best interest, being basically in the same biz as Symantec. But I guess I couldn't keep up a straight face and repeat that. I can see that 75% of enterprises were attacked. That is quite possible. Of course, most of those attacks consisted of little more than a few kids trying to guess passwords (can you see a LOT of "attacks" like that against facebook and the like?). When you strip all the attacks the average router and a sensibly configured server defeat by default, we're probably down at a single digit number.

What strikes me as odd is the claimed 2M loss. That sounds like it came from the same source the RIAA gets their damage claims from. And I'm NOT going there, nono, no way...

Wrong. My company with a few people didn't (0)

Anonymous Coward | more than 4 years ago | (#31232996)

Wrong. My company (a small enterprise) didn't have any losses due to hacking or viruses in 2009. ZERO. We do know of VERY LARGE Facebook game studios who had losses and a laptop with unencrypted data stolen, however.

We do expect to be hacked at some point no matter how cautious we are. That is the nature of being on the internet. All our plans include how to recover from a hacked web presence. Further, we've clearly told the Board of Directors that we will be hacked at some point, there's really no 100% complete defense that is acceptable based on web service requirements today.

Simple. Plan to be hacked, have a plan when it happens.

We have had minor losses due to hardware failures. Basically, just a few hours of lost work for 1 person between daily backups. Eh, the solution to that problem isn't worth the trouble for us.

I can confirm this! (1)

Tetsujin (103070) | more than 4 years ago | (#31233328)

Really, the cyber attacks on Enterprises are well known. First there was Dr. Daystrom, who "upgraded" an Enterprise with his M-5 computer... Later, another Enterprise was subject to cyber attack on numerous occasions: the attack by the Iconians was one of the earlier examples. This Enterprise was ultimately destroyed as a result of a cyber attack by Klingons. The next Enterprise was invaded from within by the Borg. So it's actually a pretty common occurrence, it seems.

WTF? (1)

butlerdi (705651) | more than 4 years ago | (#31233382)

Utter Bullshit...........

Even in Symantec Shops? (0)

Anonymous Coward | more than 4 years ago | (#31234872)

So 100% were affected, even those using Symantec software?

Largest Segment of Cyber Losses? (1)

warncke (1643739) | more than 4 years ago | (#31238610)

I doubt it is "attacks." I bet that the losses from wasted employee time and incompetent expenditures on useless hard/software exceed the costs of attacks by a couple orders of magnitude.

Symantec is bad luck (1)

clint999 (1277046) | more than 4 years ago | (#31239890)

My point exactly. Welcome to the perfect world.

What? (1)

clint999 (1277046) | more than 4 years ago | (#31240314)

"Examples might be defacing the website, or stealing customer information. A more subtle attack may be to change the price in a database indicating a sale that doesn't really exist." I understand your explanation (and it's a good one) but wouldn't your examples fall under the "cyber attacks" category on that same chart?
