SDA India is an online resource for Software, Development, IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java

Cost of Data Breach Set to Increase 20% Per Year




Financially motivated targeted attacks are becoming more dominant and new vulnerabilities continue to appear, but 90 per cent of these attacks can be prevented without increasing security spending, according to Gartner. Nevertheless, ensuring one’s enterprise is not part of the remaining 10 per cent requires implementing security processes to monitor and manage vulnerabilities and providing strong identity and access management capabilities.

Gartner analysts discussed the critical technology and organizational “dos and don’ts” for successful enterprise-wide security at Gartner Symposium-ITxpo 2007, held in Orlando from October 7-12. Analysts examined the security, risk and compliance threats

John Pescatore, vice president and analyst, Gartner said, “The biggest attack risk to enterprises comes from targeted attacks. In addition, phishing and identity theft attacks have caused the rise of ‘credentialed’ attacks, in which the attacker uses the credentials of a legitimate user.”

“Malicious software attacks also allow internal executables to be used to forward information to an external attacker,” Pescatore said. “Being aware of ‘inside out’ communications and being able to block those as effectively as ‘outside in’ is becoming increasingly important. Security strategies must reduce the cost of dealing with mass attacks to free up investment and personnel resources to evolve capabilities for dealing with these more-complex targeted attacks.”

Gartner analysts estimate that the cost of sensitive data breaches will rise 20 per cent per year through 2009. While mass attacks such as worms and viruses have continued, the investments that enterprises have made in intrusion prevention, vulnerability management and network access control have paid off, as those simple mass attacks have not been very successful. However, attackers are now more financially motivated and have launched new attacks that cause enormous damage to the bottom line but that often go unreported.

According to Gartner, the average enterprise spends more than five per cent of the IT budget on security, and nearly 12 per cent if disaster recovery spending is included. However, Gartner noticed little or no correlation between enterprises that spend the most on security and enterprises that are the most secure. While there are definite areas that require additional investment, there are just as many areas of security that can be done more efficiently.

“The most effective ways to become more secure while reducing security spending are to avoid vulnerabilities, to ensure that security is a top requirement for every new application, process or product, whether built in-house or acquired from a vendor,” said Ray Wagner, managing vice president, Gartner. “Just as important is understanding where security funds are being spent and where that spending is effective or ineffective. Security metrics should be established for all major security spending areas.”

Pescatore said the approach to security needed to move from a reactive approach to a mix of strategic planning and rapid tactical execution. He continued, “The key is to identify major technology changes and start taking steps to reduce the cost of dealing with today’s mature threats, viruses, worms and denial-of-service attacks, to free up funding and manpower to influence the new systems and business processes that are being built today and that will bring on the next generation of threats.”
