• tags: cyberwar cyberwar-skepticism

    • Lynn’s proposals are provocative. But the strategy could be costly and perhaps cumbersome, and it involves threats that aren’t well understood by the public — even by many of the companies that could be targets of attacks. So the first order of business should be more public information: Everyone needs to understand the risks of attack, and the costs and benefits of mobilizing against it.
    • In the debate about cyberstrategy, I hope officials will recognize the dangers of militarizing the global highway for commerce and communication. Of course we want to protect ourselves against threats. But as with human viruses, hostile computer bugs will evade our best efforts at quarantine. A new (and expensive) obsession with cybersecurity is not what this traumatized country needs.
  • The take-away from this summary seems to be that while the number of incidents has risen, the impact of those incidents in terms of losses has continued to decrease. What’s more, lack of security awareness by insiders remains a significant source of losses.

    tags: cyberwar

    • Respondents reported big jumps in incidence of password sniffing, financial fraud, and malware infection.
    • Average losses due to security incidents are down again this year (from $289,000 per respondent to $234,244 per respondent), though they are still above 2006 figures.
    • Twenty-five percent of respondents felt that over 60 percent of their financial losses were due to non-malicious actions by insiders.
    • Respondents were satisfied, though not overjoyed, with all security technologies.
    • Most respondents felt their investment in end-user security awareness training was inadequate, but most felt their investments in other components of their security program were adequate.
