Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Friday, June 5, 2009

How scared should you be about security statistics?

Every day we hear about a new piece of malware, some new threat making its way through the Internet. As a security administrator, it certainly makes one wonder if their environment is secure enough. Network World tackled the question about how scared administrators should be about security statistics, given the abundance of information we see every day regarding security threats.

The article starts by trying to scare us with some pretty impressive statistics:


Did you know the number of crimeware-spreading Web sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, according to the APWG (formerly Anti-Phishing Working Group) coalition?

Or that data breach costs rose to $6.6 million per breach last year, up from $6.3 million in 2007, according to the Ponemon Institute. Or that 3% to 5% of enterprise desktops and servers, mainly Windows, are apt to be infected with botnet code, according to security firm Damballa, based on an analysis of its customers' network traffic?


The answer? It depends. Each environment is different, and the administrator needs to be comfortable with their level of security they already have implemented in their environment. If you know you're running without a proxy for security for example, you probably have good reason to be scared. But if you've already implemented a best of breed solution, you probably sleep pretty good at night.

The article also notes, that how security statistics are viewed differs widely by country as well:


"It's fascinating to see how different the results are by country and demographics," says Tim Kelleher, vice president and general manager of managed security services at Unisys. "The world isn't homogenous. In France, no one is very worried about this stuff at all. But in Brazil and some of the Asian countries, people are feeling very insecure online. The U.S. is sort of in the middle."In general, Kelleher thinks statistical trends are more significant than the numbers bandied about at the moment.

No comments: