Comments
10 Cybercrime Myths that Could Cost You Millions
Joe Stanganelli,
User Rank: Ninja
5/4/2017 | 3:10:27 PM
Re: #4
@Marc: Gotcha.

23% of all respondents or 23% of those 40%?  Because you'd want to correlate that and know how that split works.
Marc Wilczek,
User Rank: Author
5/3/2017 | 1:52:54 AM
Re: #4
@Joe: Just look at the stats of the Radware report: "mom-and-pop shops" don't represent 40% of the survey respondents. Only 23% of the respondents are from organizations with <100 employees.
faizmughal,
User Rank: Apprentice
5/2/2017 | 3:13:30 AM
Re: #4
nice
IDONTHAVEANICKNAME,
User Rank: Apprentice
5/1/2017 | 1:21:13 PM
10 Cybercrime Myths that Could Cost You Millions
To which I could add an eleventh:

"I haven't heard it from the BBC so it can't be an issue"

Yeah really....I did hear this from someone who shall remain nameless!
Joe Stanganelli,
User Rank: Ninja
5/1/2017 | 1:03:08 PM
Re: #4
@Marc: It's striking but I'm not sure how surprising it is, depending upon what the proportion of small, medium, and large businesses is and what the industry split is.  For a large healthcare or life-sciences organization to not have an incident-response plan is practically unheard of.  For a small mom-and-pop retailer to not have an incident response plan is not at all surprising (despite the wisdom of the decision).
Marc Wilczek,
User Rank: Author
4/30/2017 | 1:43:26 AM
Re: #4
Your idea goes two steps further. What I find most striking about #4 is that "40% have no incident response plans" -- that's at least 'surprising' to put it mildly. Still far too many organizations are unprepared and hit by surprise, if an incident occurs.
Joe Stanganelli,
User Rank: Ninja
4/29/2017 | 6:31:06 PM
#4
Moreover, with all the debate about offensive cybersecurity -- i.e., "hacking back" -- as well as the legal uncertainties surrounding it, even some of the more security-conscious firms could feel stifled.

