The "Melissa" and "I Love You" viruses that propagated via e-mail are 5 years old or more. Not only is e-mail more dangerous than it was when we were worried about two-digit date codes, but we've added spam and phishing to really make the security guys pull their hair out.
To be fair, there has been progress here. BorderWare Technologies and McAfee have great e-mail security products, but this is definitely an area where we take two steps forward, then one step back.
Worm holes
What about worms? In August 2003, everyone got slammed by MSBlast and Sobig, to the tune of about US$4 billion dollars in damage worldwide.
We may have made some progress on worm prevention since then, but the lion's share of companies are still suffering. In our survey, 66 percent of users said their organisations had been impacted by a worm in the last 12 months, and more than half those were hit more than once.
Almost everyone said their businesses suffered financial and operational impact from worms, and 14 percent of users said this impact was severe. Yikes!
We got tons more data -- too much to expound upon here, so I'll do my best to offer a summary. Most users see risk, threats and vulnerabilities all around them but remain confused about which way to turn. Before choosing a technology solution, they labour through about a half dozen disparate product evaluations, adding time and cost to the implementation process while their organisations remain insecure.
The data did show some positive signs. For example, ESG found that companies that have adopted Intrusion Prevention Devices (IPS) said they'd had fewer security problems and voiced a great deal of satisfaction.
Of course, there are also a lot of investment dollars at hand to finance new companies with better mousetraps in time for next year's RSA Conference.
Nevertheless, after analyzing this data for the past month, I still have visions of security Sisyphus pushing an ever-growing boulder up an ever-steeper hill.
I love San Francisco, and RSA is always a blast. It's not just the cocktail parties; it's the opportunity to speak with the brightest minds in our industry and compare notes on what everyone is seeing. This year, however, I'll make sure to curb my enthusiasm and seek out the security professionals in the crowd for a reality check. It won't be hard to do -- they'll be the harried-looking men and women constantly on their cell phones in the midst of the industry glitz.
biography
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.
8%
1%
Wow! Another article that goes no where in particlular other than another self plug.
Millions of dollars are invested by companies to create spyware (refer Ben Edelman) while Adware (web analytics) companies fight a daily war against each other, on your corporate desktop (if no corporate anti-spyware is running!). They have realized that only one program at a time can be hidden with minimum loss process power.
Meanwhile, at COAST a body set up to focus on the spyware issues, things are not business as usual today.
Co-founder Webroot (spysweeper)have resigned along with Computer ****ociates - due to differences with Adware companies looking to make a fast buck from internet surfers, be they business or personal.
Coincidentally, Webroot just received a very large sum to further their push their product range into the corporate security world.
I guess when all this is resolved, we will all be siting pretty;)