What's happening: A new study from the respected SANS Institute finds that as IT departments have become better at defending against yesteday's cyberthreats, cybercriminals have moved on to a new generation of ever-more sophisticated attacks.
What it means: Sensitive corporate information — including access to the corporate coffers — is not being adequately protected.The security-software company McAfee estimated that companies around the world lost more than $1 trillion to cybercrime in 2008, .
What to do: Senior management must proactively manage the way IT staff manages network security. Review IT vulnerability management plans. Consider investing in a modern intrusion detection / prevention system. Since technology defenses alone are inadequate, make sure staff is trained to meet their security responsibilities and that they know cybercrime warning signals. Talk to your insurance broker about cybercrime insurance.
**********************************
Security Pros Are Focused on the Wrong Threats
By Riva Richmond
New York Times
Corporate information technology departments are prioritizing the wrong threats to their computer systems, focusing on old problems and leaving their companies open to a raft of new cyberattacks aiming at private customer and corporate information.
http://bits.blogs.nytimes.com/2009/09/15/security-pros-are-focused-on-the-wrong-threats/?hpw