By Brian Czarny
Webroot recently surveyed more than 300 email and Web security professionals about email management, compliance, archiving, encryption, spam, viruses, Web filtering and Web-based malware attacks. Our research shows that security practices and risk perceptions have evolved over the last year – the top three security concerns are email threat protection, data security/confidentiality and Web threat protection. Other highlights of the survey include:
- Security professionals are clearly worried about insufficient resources for Web security – a potential result of the economic downturn.
- The large number of organizations that were required to retrieve email for legal or compliance reasons within the last year indicates that email archiving services are becoming increasingly important.
- Most companies experienced some type of negative impact due to Web-based threats over the last 12 months, ranging from server outages and disrupted business activities to compromised data or transactions.
- 23% of survey respondents experienced a data breach – which cost between $10,000 and $1 million.
Just two weeks ago, Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants in one of the largest breaches on record. This past April, the Virginia Department of Health Professions learned that its Prescription Monitoring Program (PMP) computer system had been accessed by an unauthorized user – who then demanded $10 million to return over 8 million patient records and 35 million prescriptions.
By Andrew Brandt
In an era when virtually all businesses use the Internet, in one form or another, to get work done, it’s worth asking the question posed in the title of this blog entry. Think Security First is an organization dedicated to helping spread security gospel to businesses — via chambers of commerce. Their goal: to create a Neighborhood Watch for the Internet, organized around these local business groups.
On Monday, I and several other speakers had the opportunity to address representatives of chambers of commerce at a panel discussion organized by Neil O’Farrell, the group’s founder and chief evangelist. Webroot is a sponsor of the group, along with several other security software companies, credit reporting agency Experian, Microsoft, and various law enforcement agencies. Among the other speakers were former White House cybersecurity czar Andrew Purdy; Dyann Bradbury, the director of the FBI’s Infragard program; and Michael Levin, a cybercrime expert who worked for the Secret Service and helped run Homeland Security’s National Cyber Security Division.
Though all the speakers brought their perspectives to the panel, the bottom line from all the panelists ended up in virtually the same place: Businesses, and the people who run them, have to make fundamental changes to how they address security concerns, putting thought from the ground up into the security of their own systems and data, and privacy of customer information.
As someone who’s beaten that drum for more than a decade, it was both refreshing to hear a chorus of agreement, and frustrating that — eight years after the organization was founded — security evangelists say they feel stuck in a kind of Groundhog Day-esque repetition of the same advice, over and over, while at the same time being constantly reminded that businesses fail to adhere to good security practices every time news breaks about worm infections taking down networks, or a laptop full of customer data vanishes from a bag or is left in an airport/train seat/unlocked car.