Nerds On Site

Some Sobering Facts and Stats

Thanks to Nerd Dennis Houseknecht for this post…
We do not want to be purveyors of FUD (Fear, Uncertainty and Doubt), but here are a few facts and statistics that we should make sure everyone is aware of:
– In 2009, more than 25 million unique malware programs were identified – more than all the malware programs created in all previous years. Malicious computer programs outnumber legitimate ones (by orders of magnitude).
– The world's largest cloud computing user is not Google, or Amazon, or Microsoft – the ringleaders who control the 4.6 million computers in the Conficker botnet are the largest by far.
– The Mariposa botnet, which once controlled 13 million computers in 190 countries, was not built by ultra-skilled hackers, but rather by 3 people who bought a "botnet kit" on the internet for $300.
– Antimalware Vendor Panda Security claims to have found some sort of malware infection on 48% of 21.5 million computers scanned in the fourth quarter of 2009.
– 53% of data breaches could have been avoided through control measures that are simple and cheap.
– 33% of data breaches involved companies with fewer than 100 employees.
– 74% of data breaches came from external sources, but the number of records compromised was much higher when the breach came from an internal source.
– Business partners, vendors, and contractors were responsible for 32% of data breaches.
– IT administrators were responsible for 50% of internal data breaches. Other employees were responsible for 41%.
– 90% of data breaches resulted from exploiting a vulnerability for which a patch had been available for 6 months or more.
– Only 5% of the breaches involved attacks that required a high skill level.
– 42% of data breaches were the result of attacks against remote access and control channels. Another 54% were the result of attacks against web applications or internet-facing systems.
– 81% of breaches were not discovered for weeks or months.
– 69% of breaches were discovered by a third party.
– 66% of the breaches involved data that the organization did not even know was on their systems.
(These are selected statistics from 2008 and 2009)
Each of these has implications for everyone, but especially small and medium enterprises.
Sources:
http://www.pandasecurity.com/img/enc/Annual_Report_PandaLabs_2009.pdf
http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf
http://securityblog.verizonbusiness.com/2008/06/10/2008-data-breach-investigations-report/
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
http://www.computerworld.com/s/article/9180183/Fighting_today_s_malware?taxonomyId=142&pageNumber=1
