Slashdot Mirror


Most Companies Admit Their Data Is At Risk

Weblver1 writes "A recent survey of IT professionals published by web security firm Finjan shows that data-theft should be a good reason for concern. Based on answers from 1,387 professionals, 25% acknowledged that their organization has been breached. What's worse, 42% did not know and could not exclude a breach, reflecting on the number of organizations that could potentially be breached without anyone knowing after the fact. Other findings we should be concerned about include 82% of Healthcare IT respondents admitting that medical records are at risk of data-theft, and 68% of all sectors admitting sensitive corporate information can be compromised by cyber-criminals. Finjan's report is available here (PDF, registration required). This survey comes a week after Forrester Research found in their survey that IT security spending is expected to rise (or at least remain the same) — with the current level of data breaches and sensitive data that is not protected well enough, there is a good reason for it."

2 of 60 comments

  1. In related news, by toby · Score: 0, Offtopic

    Most companies admit they run Windows.

    --
    you had me at #!
  2. Alligatoring for Trolls by A+non-mouse+Coward · Score: 0, Offtopic

    In related news, most companies admit they run Windows.

    Wow. What a textbook troll. Didn't know you still existed (your slashdot ID suggests you're an original slashdot troll).

    Disclaimer: I am no MS fanboy. [This is typed on FF3 on Leopard, but I also run Windows and Ubuntu in VMs.]

    Are you just trying the laffy-taffy equivalent of a slashdot joke from 1999? Or do you seriously believe that this security is still a "Microsoft problem"? The problem is that nobody can "comprehend" their large pile of software which is comprised of the foundational pile (languages, APIs, frameworks, etc.) and their own additional pile. To do "security" you really have to do "correctness". Most software vendors cannot even define "correct" behavior for their apps (they're so unwieldy), let alone prove their implementation follows the "correct" behavior model. Here are a couple examples to refresh your aging memory ...

    Debian OpenSSL - SSH keys
    Redhat's tight-lipped, who-knows-how-bad-of-shape-we're-in incident that at least required new code signing keys.
    Apple's constant delay in shipping patches to all the open source software in their large pile of code they call "OS X"
    The stream of iPhone security bugs (and this is our next generation of enterprise messaging portables?)
    And the daily deluge of SQLi, Command Exec, XSS, CSRF, PHP file includes, etc., on Milw0rm.

    Not even the academics can help us (at least not at the moment). Proving that a program is "safe" for any possible input turns out to be as difficult as the Halting Problem (which is undecidable).

    This is all EXACTLY why all the comments that said ~ "I'm more concerned about the security pros who said unauthorized disclosure wasn't possible" are DEAD ON. So, use the following pseudo code to create the correct response ...

    Select $why
    CASE ($why == luddite): try {admit you have no clue about the state of software security in the early 21st century}

    CASE ($why == badjoke): try {put away your slashdot laffy taffy}

    CASE ($why == needattention):
    if (parents.exist) try {make amends with disapproving father}
    if (generalAnger) try {attract with honey !vinegar}
    if (!friends) try {make friends && influence people}
    if (!hobbies) try {join charity}
    ESAC

    end select

    --
    libertarian: (n) socially liberal, financially conservative; neither left, nor right.