Gartner security guru John Pescatore gave his 2010 cyberthreat assessment Tuesday, and not a lot has changed, other than the complacency levels of companies that are supposed to be protecting your data.
Threats have become more targeted, but the bulk of attacks are using the same techniques found a year ago. In the last year, there has been the Heartland Payment Systems breach, multiple attacks on educational institutions, worms galore and Conficker. The takeaway: Companies are lax.
Pescatore notes at the Gartner IT Symposium in Orlando:
The sophistication of the threats really did not make major advances over 2H08/1H09, other than seeing some new and clever evasion techniques. Most of the growth in quantity of attacks should be attributed to more measurement being made and the increase in required disclosures. This has fed the hysteria level along with attempts by various government agencies to gain funding for addressing cyberthreats, as well as the security market attempting to counter recessionary trends. The biggest change was the decline in ability to prevent or shield vulnerabilities — we are making it easier for attackers.
Among the issues:
- The state of Web application security is declining. Meanwhile, businesses are increasingly depending on insecure Web sites.
- Companies define security processes, but don't examine the security holes in automated interfaces between applications.
- Since targeted data is so valuable, companies need to protect stored data better. That means encryption and other techniques.