Thursday, September 6, 2012

A REAL STORY 
Alarming results were announced after a recent survey conducted by the Ponemon Institute Research and Juniper Networks. The results match what we have seen in the media recently: hackers are almost always successful in their efforts to break into a site, and stopping them is no easy task. The news shows that 90% of companies suffered some kind of attack in the last 12 months. Over 77% suffered attacks and actually had internal problems due to the hackers' success in breaking in.
Respondents reported very low confidence in their ability to prevent attacks. Many believe that they simply are not prepared. 53% believe they will also face some kind of attack in the next 12 months. Attacks on websites often use classic vulnerabilities such as SQL Injection and Cross Site Scripting (XSS).

What are the biggest barriers to implementing an effective security strategy? Almost half (48%) of the companies surveyed said they found security procedures too complex to implement. Another 48% also mentioned the lack of resources. Companies are looking at the cost of complex security procedures and practices and judging them expensive to implement, so they look for cheaper options. Vulnerability scanners are becoming ever more effective at detecting flaws and enabling corrective action at reduced cost.

As for the consequences of these attacks, companies are seeing that losses from information theft and business interruption are the more severe. With so much money being lost in breaches, companies need to invest more in preventive security measures, even at reduced cost. "What we see is that in today's environment, systems being 'hacked' is almost a statistical certainty."

A true story. He warned that the corporation's sites would be broken into, but no one took action. On several occasions the information security analyst informed IT development that the corporation's web sites had vulnerabilities. He analyzed, identified, reported and pointed out what should be considered for remediation, but was not heeded. Months passed: patch updates were installed and new devices were deployed to improve perimeter security, yet not a single line of application code was updated for protection, only lines to improve customer service and streamline the business. How many of you have heard this story?
When this happens, IT loses, and so does the corporation; IT takes the blame for failing to observe security guidelines and parameters in its internal development. A security notification is proactive, and preferable to a break-in and the consequent defacement of the site that was developed. Whether development is outsourced or internal, it is also the role of information security to analyze possible vulnerabilities and who is liable for them.

A noteworthy example occurred on one occasion, when an analysis was done on a Brazilian site in the U.S. The analysis showed more vulnerabilities on the site than holes in Swiss cheese. A notice was sent to the site's owners in that country warning of the problem and, to great surprise, it was resolved in just over two weeks. An impressive level of concern, and the best outcome for the corporation, as the situation was resolved in a timely manner.

The same situation occurred in the corporation with a website available only in Brazil, which did not get the same attention or resolution of its vulnerabilities. Guess what happened to this site? There was a defacement, Brazilian-style, in the traditional manner of the usual intruders.
