Friday, October 05, 2007

Infosec Survey Deathmatch: CSI/FBI vs Deloitte

I did post this blurb from the recent security surveys; here are a few more observations.

The CSI/FBI 2007 survey is here. We all know and love it as the best darn source of random numbers on this planet. Recent industry surveys prove that CSI/FBI survey numbers beat the quantum RNG systems at least 97.8% of the time and beat the laser-based random number generators approximately 77.72% of the time, as long as the laser in question is not pointed at the Moon :-)

Still, I enjoy reading it every year! Yes, I am funny that way :-) So, this year's survey drops a BOMB (of sorts): malware is no longer the #1 cause of loss. Specifically, "Financial fraud overtook virus [A.C. - they really mean all malware here] attacks as the source of the greatest financial losses. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place." Cool! But did it happen in reality, in respondents' heads, or not at all? You tell me!

To back up the above claim, the survey also discovers that "Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59 and 52 percent of respondents reporting each respectively."

Read the rest here

The Deloitte Global Security survey is here. It is also a fun read, if a bit dry. A scatter of insights (it is a loooooong document...):

  • Lack of logging - is still one of the top 5 internal audit issues (30%)
  • Believe it or not, IAM is not a top operational priority
  • Unlike CSI/FBI above, viruses/malware still rule the top risks list (however, the survey splits them into internal/external - and fraud shows up a bit near the top in the internal risks list)
  • Many people start to feel that privacy regulations often contradict security regulations (49%). No kidding! I am predicting this one will blow up soon, but maybe in Europe first (since US privacy regulations are weak)
Top Audit Issues:

Another fun one - why stuff fails (of course, it is the dirty humans! :-):

Read the rest here!

Dr Anton Chuvakin