Week in Security: Cybercrime Survey, Microsoft Security Shuffle

• Cybercrime continues at a steady pace, but financial losses from computer attacks are down, according to the eighth annual Computer Crime and Security Survey by the Computer Security Institute (CSI) and the FBI. The survey queried 530 IT security professionals in U.S. businesses, government agencies, health-care organizations and universities. Although survey respondents reported about the same number of significant computer security incidents as last year, their losses from the breaches totaled $201.7 million, down sharply from the $455 million in losses reported last year, according to CSI. Seventy-five percent of this year's respondents reported financial losses, but only 251 could quantify the losses.

• Microsoft said Steve Lipner left the Microsoft Security Response Center to serve as director of security engineering strategy for the engineering and communications team in Microsoft's overall Security Business Unit. Lipner will be responsible for defining the company's security development processes and their application to new products. Replacing Lipner as head of the Security Response Center is Kevin Kean, who has been with Microsoft since 1996, most recently as senior group product manager for Windows Server 2003. The Security Response Center is responsible for handling security flaws in Microsoft software.

• Microsoft released several security patches, including a cumulative patch for Internet Information Service (IIS) that supersedes previous patches and fixes newly discovered vulnerabilities affecting IIS 4.0, 5.0 and 5.1. Details are available in Microsoft Security Bulletin MS03-018.

• A new OASIS committee will develop classification standards for Web security vulnerabilities. Standards developed by the OASIS Web Application Security Technical Committee will allow vulnerabilities to be published in a consistent manner to help companies, law enforcement and others understand their impact and level of threat, the group said.

• London-based security services firm mi2g said the record for successful and verified digital attacks carried out in one year was broken on May 25. The first 25 days of May recorded a total of 87,903 attacks, breaking the record of 87,525 for all of 2002. The company's records date back to 1995. Although the number of attacks is rising, the number of active malicious hackers has dropped to 1,152, down from 2,597 in 2001, mi2g said.

• Sixty percent of the financial losses suffered by businesses because of security breaches will be financially or politically motivated and caused by company insiders working alone or with outsiders, research firm Gartner estimated.

• MX Logic, a supplier of managed e-mail security services, launched a Web-based provisioning portal with tools designed to help its VAR partners provide customers with antispam, content-filtering and virus-protection services.

• SecureInfo, a provider of enterprise security management products, said it's working with BigFix, a supplier of patch management software, to integrate SecureInfo's Enterprise Vulnerability Management product with the centralized patching capabilities of BigFix.