Information Security News mailing list archives
Worried about sophisticated attacks, agencies ignore low-tech threats
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 31 Aug 2011 04:30:04 -0500 (CDT)
http://gcn.com/articles/2011/08/30/endpoint-security-low-tech-threats.aspx By William Jackson GCN.com Aug 30, 2011Sophisticated attacks using Advanced Persistent Threats are top of mind for nearly two-thirds of government IT officials in a recent security survey, but too little attention often is being paid to the low-hanging fruit being exploited by low-tech attacks.
“The results reinforce what we have known for a while,” said Dan Brown, director of security research for Bit9, the security company that did the survey. “The bar is not as high as we would like to think.”
The survey showed what Brown called “gaping holes” in security policy and practices that can let malicious code into an enterprise through unmanaged devices and downloading of applications.
Although most government organizations and defense contractors represented in the survey restrict some administrative rights of end users, 7 percent have no restrictions, and security too often relies on written policies without enforcement. As a result, two-thirds of respondents allow some downloading of software and 40 percent of them found spyware on computers. Nearly a third of them found known viruses and malware, as well as some zero-day exploits.
[...]
_____________________________________________________________ Register now for the #HITB2011KUL - Asia's premier deep-knowledge network security event now in it's 9th year! http://conference.hitb.org/hitbsecconf2011kul/
Current thread:
- Worried about sophisticated attacks, agencies ignore low-tech threats InfoSec News (Aug 31)