IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Gartner Report: Enterprises will be hit by Cyber Attacks

Ninety percent of all cyber attacks through 2005 could be prevented, according to a study.

SAN DIEGO, CA - A report by GartnerG2, a research unit of Gartner, indicated that through the year 2005 20 percent of enterprises will experience a serious (a cyber attack) Internet security incident and most of them will have been preventable.

The report said that 90 percent of cyber attacks through 2005 will exploit known security flaws for which a patch is available or a solution known. It said that recent attacks could have been prevented if enterprises were more focused on IT security. The report was unveiled at the Gartner Symposium/Itxpo in San Diego, Calif.

"Nearly every major attack to hit the headlines involved the exploitation of known security flaws for which a patch or defense was widely known," said Richard Mogull, research director for GartnerG2. "Estimated losses from Code Red and Nimda were in the billions of dollars, yet Code Red exploited a flaw for which a patch was available, proving that we never learn from our mistakes," he said. Nimda exploited the same flaw just a few months later. Both continue to survive on the Internet today.

The report identified the top five IT vulnerabilities to cyber attacks as the following:

*Security of suppliers and partners
*No benchmarking (spending and value)
*Security not integrated into projects
*Poor governance and culture
*Lack of risk management integration.

The report says that security must be proactive to be effective and that enterprises need to develop incident response procedures and monitor the right sources to detect an attack.

"A proactive security posture doesn't mean you attack hackers before they attack you," Mogull said. "It means you have a well-developed response plan and keep looking for the early indications of an attack."

Mogul said that if no cyber-incident response team exists within the enterprise the formation of one should be a consideration.