
Attacks exploit user security indifference

Code Red havoc could have been avoided

The vast majority of successful attacks on computer systems exploit security weaknesses which are well known and for which patches exist, according to research company Gartner.

Many recent cyber attacks could have been avoided if businesses were more focused on their security efforts, but users seem not to learn from their mistakes, according to Richard Mogull, research director for Gartner.

“Patches were available to protect systems against the Code Red virus, but had generally not been deployed,” Mogull said.

Worse, the Nimda virus exploited exactly the same weakness a few months later and was still able to cause havoc around the world. Combined losses from the two incidents are estimated to run into billions of dollars, largely due to user indifference, according to Mogull.

The five top vulnerabilities to cyberattacks include: lack of risk management integration; security not integrated into projects; poor governance and culture; weak security of suppliers and partners; and no benchmarking on spending and value of security projects.

To counter these vulnerabilities, users should take steps including: increasing the enterprise's overall security posture; developing an internal response plan and aggressively monitoring internet activity on all systems, especially firewall and intrusion detection logs; evaluating established security plans in light of recent events, and updating them as needed; and forming a cyber-incident response team or contracting with an external provider to evaluate systems.

Until 2005, around 90 percent of cyber attacks will continue to exploit known security flaws for which a patch is available or a preventive measure is known, according to Gartner.

During that time, 20 percent of enterprises will experience a serious internet security incident, defined as one which is more than a virus attack. For companies suffering incidents, the cleanup costs will exceed the prevention costs by 50 percent.

