Malware rebounds as cause of data loss

The 2009 CSI Computer Crime and Security survey identified a number of shifts in significant cybersecurity threats this year. Malware infections jumped to 64% from 50%, reversing a dip in the number of companies experiencing malware infections that started in 2005. That year, the figure was 74%.

Other significant changes were an almost doubling in the percentage of companies that experienced password sniffing attacks, from 9% last year to 17% this year. And the percentage of respondents reporting financial fraud increased from 12% last year to one in five companies in 2009.

Companies were eager to buy technologies that would help them gain a better view of their security. "When asked what security solutions ranked highest on their wishlists, many respondents named tools that would improve their visibility - better log management, security information and event management, security data visualization, security dashboards and the like", said Sara Peters, senior editor at the CSI, and author of the report.

However, log management was among the technologies with which respondents were least satisfied.

But organizations still need to do a lot of work in terms of protecting their assets. Sadly, almost half of respondents had no formal data destruction policy in place. Around 10% had no policy at all, while nearly 20% had an informal policy in place.

There were some promising signs, however, that companies are making more of an effort to protect their data. The percentage of companies encrypting data at rest rose significantly to reach 62%. Other security technologies that increased in popularity included encryption of data in transit, and the use of network access control (NAC).

What’s Hot on Infosecurity Magazine?