Annual Security Reports, Part 1

Annual Report Pandalabs 2009
Topics include:
– 2009 in figures
– The year at a glance (Web 2.0, Blackhat SEO Techniques, Cyberwar)
– Threats in 2009 (The profitability of rogueware, Banker Trojans, Conficker)
– Spam
– Main vulnerabilities in 2009
– Trends in 2010

Download the full report here

---

Ernst & Young’s 12th annual global information security survey

Key survey findings include (taken Verbatim from the report):

Managing risks
– Improving information security risk management is top security priority for the next year.
– External and internal attacks are increasing.
– Reprisals from recently separated employees have become a major concern.

Addressing challenges
– Availability of skilled information security resources is the greatest challenge to effectively delivering information security initiatives.
– Despite most organizations maintaining current spending on information security, adequate budget is still a significant challenge to delivering security initiatives.
– Security training and awareness programs are falling short of expectations.

Complying with regulations
– Regulatory compliance continues to be an important driver for information security.
– Cost compliance remains high, with few companies planning to spend less in the next 12 months.
– Too few organizations have taken the necessary steps to protect personal information.

Leveraging technology
– Implementing DLP technologies is the top security priority for many organizations.
– The lack of endpoint encryption remains a key risk with few companies encrypting laptops or desktop computers.
– Virtualization and cloud computing are gaining greater adoption, but few companies are considering the information security implications.

Download the full report here

Advertisement

Global InfoSec Surveys and Adobe Reader Vulnerabilities

Ernst & Young’s 2008 Information Security Survey

EY released their Global Information Security Survey 2008 a few weeks ago. The survey was conducted from June 6 – August 1, 2008, in more than 50 countries and with nearly 1,400 participating organizations.

Some of the key findings were:

Protecting reputation and brand has become a significant driver for InfoSec

People remain the weakest link

International InfoSec standards are gaining greater acceptance

Growing third-party risk are not being addressed

Business continuity still bound to IT

Another notable finding is that despite of the current period of economic pressures and of slowed growth, only 5% of respondents indicated a planned reduction in InfoSec expenditures, while 50% were planning to increase their investment in InfoSec. This is supported by similar numbers from CIO Magazine, CSO Magazine and PWC’s Global state of information security survey 2008 (pdf, 2.79 MB). Key highlights are stated here, and another summary can be found in a NetworkWorld.com article.

For more information about the survey, click here. If you want a pdf copy of Ernst & Young’s 2008 Global Information Security Survey (1.42 MB) click here. For other informative pdfs from Ernst & Young regarding InfoSec, check out their Technology and Security Risk Services page.

---

Adobe Reader vulns remind us why updating ASAP matters

What I mean by ASAP here is after the correct patch management or change management procedures have been done. Patching/updating with no concern for proper procedures can easily lead to downtime and possibly even more vulnerabilities.

I’m saying this after the SANS Internet Storm Center came across pdf files that exploited the recently found Javascript buffer overflow vulnerability. They also took note that at the time of writing (Nov 7, 2008) NO ANTI VIRUS could detect the malicious pdf.

However, had you updated your Adobe Reader to version 9 (Windows systems) a few weeks back, you wouldn’t even need to think of the problem.