While more companies reported malware infections, denial-of-service attacks, financial fraud and password sniffing in the last year, claimed damages due to the attacks had shrunk, according to the latest survey of security managers and corporate executives conducted by the Computer Security Institute.
The report, released on Tuesday and covering from July 2008 to June 2009, revealed that more than 64 percent of companies reported malware infections, up from 50 percent during the same period the prior year. Similarly, 29 percent of companies reported being the target of a denial-of-service attack, up from 21 percent the prior year. Despite the increased incidents, losses fell to less than $235,000 per company on average, a decrease of 19 percent compared to the prior year.
The Computer Security Institute, which has conducted the survey for the past 14 years, highlighted the discrepancy and suggested caution in reading too much into the trend.
"This sounds like good news ... but it must be noted that, despite anonymity, only 102 respondents -- less than 25 percent -- were willing to share details of their financial losses, thus continuing a troublesome downward trend," the report stated.
Companies were adequately satisfied with security technology, but tools that purportedly gave managers visibility into the security of their networks — such as log management, intrusion detection systems, and data-loss prevention tools — ranked lowest in terms of satisfaction.
"Generally speaking, respondents did not seem to feel that their challenges were attributable to a lack of investment in their security programs or dissatisfaction with the security tools, but rather that, despite all their efforts, they still could not be certain about what was really going on in their environments, nor whether all their efforts were truly effective," the report stated.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos