Online Security, a global provider of computer forensics and information technology risk mitigation since 1997
iac flash: Technology - Building in Security? Author: Ed Appel
Fact: Bill Gates revealed that security is the single largest expense in Microsoft’s $6B annual R&D budget. Over 90% of desktops run Microsoft’s operating systems. New worms exploit widely known vulnerabilities that allow the worm to proliferate, infect and potentially damage systems without user intervention or knowledge. A CSO Magazine on-line survey of 500 executives, conducted in cooperation with the US Secret Service and the Carnegie Mellon Software Engineering Institute, reported that 43% saw a rise in electronic crimes in the past year, about 70% had at least one e-crime or intrusion, and 56% had operational losses as a result. Yet 32% had no formal plan for tracking e-crime losses, and 41% had no plan for reporting incidents. 71% of attacks came from outside sources, and only 29% from insiders. Over 77% fell prey to viruses and other malicious attacks. 36% reported terminating employees for misbehavior detected in employer monitoring. Among damaging security events, respondents cited DoS attacks, illegal spam, unauthorized insider access and phishing.
Analysis: Since information systems are likely to remain very vulnerable indefinitely (including the 90%+ running Microsoft), a combination of vendor fixes, user security applications and strong vigilance will be needed to protect the enterprise, which should still expect attacks and e-crime losses despite its best efforts. The Sarbanes-Oxley Act and related corporate controls in recent statutes demand stronger data protection.
Comment: The peak of the vulnerability increase curve may have been reached, as Carnegie Mellon’s CERT reported a downward trend in newly reported vulnerabilities in the last quarter of 2003, for the first time in seven years. As Microsoft and other systems increase built-in security and user defenses rise, e-crime prevention may make a dent in the geometric rise of computer crime experienced over the past seven years. Still, it can take a couple of hours to download security updates for your new laptop.
See:
http://www.siliconvalley.com/mld/siliconvalley/8064789.htm
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,93154,00.html?SKC=virus-93154
http://nationaljournal.com/pubs/techdaily/features/scans/2004%20E-Crime%20Watch%20survey.pdf
http://www.cxo.com
http://www.computerworld.com/newsletter/0,4902,93755,00.html?nlid=SEC2