IT Security - Problems Overview

The gap between IT security threats and the measures taken for IT protection is growing wider. In other words, specialists can't react adequately to the risks caused by constant business development.

In order to understand what we do for IT security, we have to pay attention to its base: computer safety. And we should remember that we have to do everything to protect any company data from hackers.

  • Do you have a "Security Plan" that quantifies the percentage of systems with approved system security plans and the percentage of current system security plans?


The majority of hacker frauds are possible because of existing software vulnerabilities. More and more harmful code appears on the Web. This code installs itself on computers, performs its planned actions, and continues to spread further.

Nowadays such vulnerabilities are sought intentionally, by hackers as well as by software producers. The former try to use bugs to get access to information resources; the latter try to keep their own reputation and their clients' information resources safe.

  • E.g., if in 2004 the ratio of frauds was 1 phishing message to 943 e-mails, in 2005 the ratio was 1 phishing message to 304 e-mails.

According to statistics, hackers crack up to 90% of companies' networks. According to Eugene Kaspersky, the number of Trojan programs has doubled. Nowadays nearly 75% of hackers' attacks are aimed at cracking bank accounts or at getting outlawed information. According to some forecasts, this amount will increase. If 10 years ago hackers sent viruses just out of hooliganism (remember the Trojan Love Letter), nowadays the situation has changed cardinally. The Asia region deals with online games fraud, the Portuguese and Hispanic regions steal from banks, and Russia and the Commonwealth of Independent States countries attack proxy servers, steal personal data, and carry out DoS attacks, which are less and less popular.

  • Another important task is to protect the personal information of your employees from hackers' attacks, e.g. identity theft. This should be performed in tight integration with the HR department.

What about IT companies?

What is their responsibility for this state of affairs? Let us recollect some facts. In 2005 there were 812 "bugs" in the Windows OS. 29 of them were not removed, which is why Windows got the status of a critically dangerous OS.

During its monthly software product updates, Microsoft issues patches for vulnerabilities. Several of these vulnerabilities are characterized as critically dangerous and can be used to perform destructive operations.

For example, all Windows OS versions (except Server 2003) have a bug that is successfully used by hackers. It is connected with Microsoft XML Core Services 4.0, as well as with the XMLHTTP 4.0 ActiveX Control. This bug allows gaining full control of the operating system. A fix is not yet available.

The most interesting fact is that hackers begin to exploit such "bugged" programs just after their release. This leads to the thought that hackers have adapted themselves to the companies' program updates.

  • The damage caused by hackers differs. In 2004 the sum total was up to 17 billion dollars, in 2004 it rose to 155.5 billion dollars.

The major safety element is the computer's OS. The safest platforms are considered to be Apple Mac OS X and UNIX - BSD (Berkeley Software Distribution). Linux and Microsoft Windows were considered the most vulnerable. These conclusions were drawn from analyses of successful hacker attacks (2003-2004).

Do you have Authentication and Authorization Processing measurement metrics? It should be measured as non-public data that is accessible after authorization.


What to do about IT security

And how do people react to such situations, and what measures do they implement in order to protect their metrics and scorecards? Statistics state that only 14% of people don't take care of it. All other people try to protect themselves from hackers' fraud.

They carry out certification testing of system facilities and increase security administrators' qualifications through various trainings. How else can they provide effective protection? Everybody has to think about it for us to overcome the IT crisis in our country and avoid irreversible consequences.