Wednesday, August 3, 2011

A TRUE STORY



Alarming results were announced after a recent survey by the Ponemon Institute Research and Juniper Networks. The result matches what we have seen in the media recently: hackers are almost always successful in their efforts to break into a site, and stopping them is no easy task. The news shows that 90% of companies suffered some type of attack in the last 12 months. Over 77% of those that actually suffered attacks had internal problems because the hackers succeeded. Respondents reported very low confidence in their ability to prevent attacks. Many believe they are simply not prepared. 53% believe they will also face some sort of attack in the next 12 months. Attacks on websites often use classic vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS).
What are the biggest barriers to implementing an effective security strategy?
Almost half (48%) of the companies surveyed said they found security procedures too complex to implement. Another 48% mentioned a lack of resources. Companies look at security procedures and practices, see them as complex, and judge them expensive to implement, so they look for cheaper possibilities. Vulnerability scanners are becoming ever more effective at detecting faults and supporting corrective measures at a reduced cost. As for the consequences of these attacks, companies are seeing that data theft and business interruption are the more severe losses. With so much money being lost in breaches, companies need to invest more in preventive security measures, even if at reduced cost. "What you see is that in today's environment, systems being 'hacked' is almost a statistical certainty."
A fact
He warned that the corporation's sites would be broken into, but no one took action.
Several times the information security (SI) analyst said there were vulnerabilities in IT's development of the corporate web sites. He analyzed, identified, reported and noted what should be considered for correction, but was not heeded.
Months passed. Patch updates were installed and new devices were deployed to improve perimeter security, but the application did not have a single line of code updated for protection, only lines to improve customer service and streamline the business.
How many of you have heard this story?
When this occurs, IT loses along with the corporation, and it takes the blame for failing to observe security guidelines and parameters in its internal development.
A security notification is proactive, and preferable to an intrusion and the subsequent defacement of the developed site. Whether development is outsourced or internal, it is also the role of information security to analyze possible vulnerabilities and liabilities.
An important example of success occurred on one occasion, when an analysis was done on a Brazilian website in the U.S. The analysis showed the site had more vulnerabilities than Swiss cheese has holes. A notice was sent to the holders of the site in that country and, to great surprise, the problem was resolved in just over two weeks. An impressive level of concern, and better for the corporation, as the situation was resolved in a timely manner.
The same situation occurred in the enterprise with a site available only in Brazil, which did not receive the same attention or resolution of its vulnerabilities. Guess what happened to this site?
There the defacement was Brazilian-style, in the traditional manner of common intruders.
