Slashdot Mirror


75% of Enterprises Have Suffered Cyber Attacks, Costing $2M+ On Average

coomaria writes "OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that's still one heck of a statistic. The fact that it's Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: 'every enterprise, yes, 100 percent, experienced cyber losses in 2009.'"


  1. I'd be surprised if it's anything less than 100% by jimicus · Score: 5, Informative

    I seriously doubt Symantec are only counting "concerted attacks from a single original with a specific target in mind". More likely they mean "opportunistic attacks".

    So, to /., I say:

    • Raise your hand if your company consists of more than a handful of people.
    • Keep your hand up if your company has an internet connection.
    • Keep your hand up if you roll out managed AV software to all desktops and monitor it religiously (including checking for PCs which haven't been seen in a while).
    • Keep your hand up if every PC and every server has a full-blown firewall running locally which blocks all incoming traffic except for what you know for a fact you need.
    • Keep your hand up if you filter spam (either yourself or through a third-party service).
    • Keep your hand up if your filter successfully excluded 100% of all phishing and trojan-link-spreading emails over the last year.
    • Keep your hand up if your web access is filtered on a default-deny basis (i.e. staff can only access pre-approved sites).
    • Keep your hand up if your web access is through a proxy which blocks the download of executables, ActiveX, Adobe PDFs, encrypted files (who knows what's in them?) and JavaScript.
    • Keep your hand up if you update all your PCs (including laptops, even if offsite) within 24 hours of the discovery of any security flaws in client software.
    • Keep your hand up if your switches only allow connections from pre-allowed MAC addresses.
    • Keep your hand up if you have done all of the above and still your staff are happy with the service you provide and don't try and work around you at every opportunity.

    Those of you who still have your hand up, well done. You've done just about all that is possible to secure your network short of giving everyone dumb terminals and your internal customers are delighted with everything you do.

    Everyone else will see an attack from time to time. The whole point of security is you have several layers so any attack won't get far.