Through 2005, 90 percent of cyber attacks will exploit known security flaws for which a patch is available or a solution known, according to Gartner. Gartner says that not only are patches available before the cyber attacks, but 90 percent of the attacks are imitation ones. Moreover, recent cyber attacks could have been avoided if enterprises were more focused on their security efforts.

"Nearly every major attack to hit the headlines involved the exploitation of known security flaws for which a patch or defense was widely known," says Richard Mogull, research director for GartnerG2. "Estimated losses from Code Red and Nimda were in the billions of dollars, yet Code Red exploited a flaw for which a patch was available, proving that we never learn from our mistakes. Nimda exploited the same flaw just a few months later. Both continue to survive on the Internet today."

Through 2005, 20 percent of enterprises will experience a serious (beyond a virus) Internet security incident. Of those that do, the cleanup costs of the incident will exceed the prevention costs by 50 percent.

Many enterprises are trying to prepare for cyber attacks and identify the problem areas. GartnerG2 has identified the top five IT vulnerabilities to cyber attacks:

  • Security of suppliers and partners
  • No benchmarking (spending and value)
  • Security not integrated into projects
  • Poor governance and culture
  • Lack of risk management integration

"A proactive security posture doesn't mean you attack hackers before they attack you – it means you have a well-developed response plan and keep looking for the early indications of an attack," Mogull said.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access