Slashdot Mirror


75% of Enterprises Have Suffered Cyber Attacks, Costing $2M+ On Average

coomaria writes "OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that's still one heck of a statistic. The fact that it's Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: 'every enterprise, yes, 100 percent, experienced cyber losses in 2009.'"

10 of 81 comments

  1. I'm shocked by Dunbal · · Score: 4, Insightful

    This is like the MPAA/RIAA claiming that "piracy" is costing their respective industries "billions" of dollars. Seriously - if you can't spot the conflict of interest you need to turn in your critical thinking hat.

    This is just marketing to increase sales of their "security" products. In fact if you go to the actual PDF linked to in the article it looks suspiciously like a sales brochure, presenting the "problem" and at the end showing how Symantec is the "solution".

    --
    Seven puppies were harmed during the making of this post.
    1. Re:I'm shocked by Lumpy · · Score: 4, Insightful

      They claimed it hard enough that analog HD is dead at the end of this year.

      Because they scream louder than everyone else they get all the attention.

      This screaming about how EVERYONE has suffered losses will be used to force through more draconian laws.... because nobody in the tech field is screaming back.

      --
      Do not look at laser with remaining good eye.
  2. Hardly by RMH101 · · Score: 4, Funny

    Aw, c'mon. We've not spent nearly $2M on Symantec licences here, and I'd hardly call their sales pitch a cyber attack.

    I'm here all week, try the veal

  3. "a double-heck with knobs on" by circletimessquare · · Score: 4, Funny

    i'm not familiar with that metric. could you convert that into libraries of congress?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  4. Re:Original report... by Dunbal · · Score: 5, Insightful

    Can anyone tell me what a "brand-related risk" might be for security professionals

    Presumably that would be "not buying Symantec security products".

    --
    Seven puppies were harmed during the making of this post.
  5. Re:Full Text by zappepcs · · Score: 4, Insightful

    And you might have heard on the commercial, 1 out of 4 women can't read a pregnancy test, so they made it easier to read. I'm pretty tired of advertising and mock white papers making it out like we're all stupid. Using Symantec security products won't make your business decisions smarter. What it will do is ensure that your minimum spending on security products is done with Symantec. A real white paper on security would have shown all options, and compared them to each other so you can not only make a decision to use security products and why you would do so, but which one suits your needs best.

    I think I'm at the point where if the ad, paper, or whatever describes me or other users or the demographic they are after as stupid, I will just shitcan it on principle.

  6. Define "cyber attack". And don't use average by Anonymous Coward · · Score: 5, Insightful

    Connect any web server to the internet and you'll see tons of connections from botnets trying randomly to exploit various old vulnerabilities. Technically, these are attacks, though you don't need to worry about them if you're patched up.

    So is this saying anything more than 75% of enterprises have a web server?

    And the average cost is a meaningless number, since averages are swayed by outliers. If you wanted a good statistic for this, you'd use the median. Alternatively, compute the average of (cost of attack / yearly revenue).

  7. Re:symantec by Coopjust · · Score: 4, Funny

    I think Symantec should detect their own product as Trojan.Symantec.

    Seriously, Symantec and McAfee applications are more ill behaved with system resources than most viruses.

  8. I'd be surprised if it's anything less than 100% by jimicus · · Score: 5, Informative

    I seriously doubt Symantec are only counting "concerted attacks from a single original with a specific target in mind". More likely they mean "opportunistic attacks".

    So, to /., I say:

    • Raise your hand if your company consists of more than a handful of people.
    • Keep your hand up if your company has an internet connection.
    • Keep your hand up if you roll out managed AV software to all desktops and monitor it religiously (including checking for PCs which haven't been seen in a while).
    • Keep your hand up if every PC and every server has a full-blown firewall running locally which blocks all incoming traffic except for what you know for a fact you need.
    • Keep your hand up if you filter spam (either yourself or through a third-party service).
    • Keep your hand up if your filter successfully excluded 100% of all phishing and trojan-link-spreading emails over the last year.
    • Keep your hand up if your web access is filtered on a default-deny basis (ie. staff can only access pre-approved sites).
    • Keep your hand up if your web access is through a proxy which blocks the download of executables, ActiveX, Adobe PDFs, encrypted files (who knows what's in them?) and JavaScript.
    • Keep your hand up if you update all your PCs (including laptops, even if offsite) within 24 hours of the discovery of any security flaws in client software.
    • Keep your hand up if your switches only allow connections from pre-allowed MAC addresses.
    • Keep your hand up if you have done all of the above and still your staff are happy with the service you provide and don't try and work around you at every opportunity.

    Those of you who still have your hand up, well done. You've done just about all that is possible to secure your network short of giving everyone dumb terminals and your internal customers are delighted with everything you do.

    Everyone else will see an attack from time to time. The whole point of security is you have several layers so any attack won't get far.

  9. Which Enterprises are being counted? by Colonel Korn · · Score: 5, Funny

    By my count (of Wikipedia), there are 2 Enterprises from the Continental Navy, 6 from the US Navy, 1 balloon, 1 space shuttle, 1 training ship, and 8 starships that are worth counting, for a total of 19 Enterprises. If 75% have suffered major cyber attacks and we round down, we have 14 cyber-victims.

    Here's where it gets weird. Clearly the 8 starships are attackable in the computerized sense. That leaves us with 6 other hackable Enterprises. Most likely 1 is the space shuttle, 1 is the training vessel, and 1 is the contemporary aircraft carrier. But that means 3 more Enterprises were cyber-violated out of a pool containing a balloon used during the Civil War and 5 US Navy ships decommissioned between 1823 and 1947.

    This seems to be proof of a pre-modern technological underground. Or time travel.

    --
    "I zero-index my hamsters" - Willtor (147206)