By Neil Denslow
90% of cyberattacks through 2005 will exploit known security flaws that can be fixed, according to Gartner Group. The analyst house says most recent attacks could have been avoided if companies had been alert to security.
Ninety percent of cyberattacks through 2005 will exploit known security flaws that can be fixed, according to Gartner Group. The analyst house adds that the vast majority of recent victims of cyberattacks could have avoided the problem had they been more alert to security.
“Nearly every major attack to hit the headlines [recently] involved the exploitation of known security flaws for which a patch or defence was widely known. Estimated losses from Code Red and Nimda were in the billions of dollars, yet Code Red exploited a flaw for which a patch was available. Proving that we never learn from our mistakes, Nimda exploited the same flaw just a few months later. Both continue to survive on the Internet today,” notes Richard Mogull, research director for GartnerG2.
The analyst adds that 20% of enterprises will experience a serious Internet security incident through 2005. For those that are hit, the cleanup costs will be 50% higher than the prevention cost would have been.
To avoid these problems, the report advocates a proactive security policy, with incident response procedures and monitoring of the right sources to detect an attack.
“A proactive security posture doesn’t mean you attack hackers before they attack you — it means you have a well-developed response plan and keep looking for the early indications of an attack,” Mogull explains.