Cyberdefenses are misdirected, report says
Organizations are finding it difficult to prioritize defense strategies against cyberattacks because most of them do not have an Internet-wide view of the attacks, according to a report from SANS Institute, the security training organization. As a result, two security risks--Web applications and phishing--carry the greatest potential for damage, even though users instead tend to concentrate on less-critical risks.The report, published by security training organization SANS Institute, amalgamates global data from security attacks on computers from March to August.
It identifies two main defense priorities for enterprise users. The first is targeted e-mail attacks, or spear phishing, that exploit client-side vulnerabilities in programs such as Adobe Systems' PDF Reader and Flash, Apple's QuickTime, and Microsoft's Office. These applications are described as the "primary initial infection vector used to compromise computers that have Internet access" and are the result of attackers taking advantage of "programming errors that are not being picked up by common vulnerability scanners."
The second priority is vulnerable sites. More than 60 percent of attacks are against Web applications and More...
09-15-2009 09:46
Current Focus
Latest News
- Disagreements on cyber risk East-West "Cold War"
- Cyberattacks Temporarily Cripple 2 Israeli Web Sites
- With Congress on break, SOPA fight continues
- Could Chrome overtake Internet Explorer in the browser wars?
- Beijing Imposes New Rules on Social Networking Sites
- Corporate America Must Fight, and Live With, China Hackers: View
- If Google’s target is Amazon, watch out
- Verizon to Buy Spectrum From Comcast for $3.6B
- Retailers adapt as mobile holiday shopping booms
- Target Works to Fix Website Before Black Friday