Businesses are finding it difficult to prioritize defence strategies against cyberattacks because most of them do not have an internet-wide view of the attacks, according to a report from Sans, the security training organization.
As a result, two security risks — web applications and phishing — carry the greatest potential for damage, yet users instead tend to concentrate on less-critical risks.
The report, published by security training organisation Sans, amalgamates global data from security attacks on computers from March 2009 to August 2009.
It identifies two main defense priorities for enterprise users. The first is targeted email attacks, or spear phishing, that exploit client-side vulnerabilities in programs such as Adobe's PDF Reader and Flash, Apple QuickTime and Microsoft Office. These applications are described as "the primary initial infection vector used to compromise computers that have Internet access", and are the result of attackers taking advantage of "programming errors that are not being picked up by common vulnerability scanners".
More: http://news.zdnet.com/2100-9595_22-342710.html
As a result, two security risks — web applications and phishing — carry the greatest potential for damage, yet users instead tend to concentrate on less-critical risks.
The report, published by security training organisation Sans, amalgamates global data from security attacks on computers from March 2009 to August 2009.
It identifies two main defense priorities for enterprise users. The first is targeted email attacks, or spear phishing, that exploit client-side vulnerabilities in programs such as Adobe's PDF Reader and Flash, Apple QuickTime and Microsoft Office. These applications are described as "the primary initial infection vector used to compromise computers that have Internet access", and are the result of attackers taking advantage of "programming errors that are not being picked up by common vulnerability scanners".
More: http://news.zdnet.com/2100-9595_22-342710.html