Gartner Survey Ranks Threats

I found the article Corporates focus on basics for IT security defences by John Leyden to be interesting. He reports on a survey presented by Gartner at their recent IT Security Summit. Gartner's survey found that IT staff ranked threats as follows:

   1. Viruses and Worms
   2. Outside Hacking or Cracking
   3. Identity Theft and Phishing
   4. Spyware
   5. Denial of Service
   6. Spam
   7. Wireless and Mobile Device Viruses
   8. Insider Threats
   9. Zero Day Threats
  10. Social Engineering
  11. Cyber-Terrorism

I am disappointed to see social engineering ranked so low. I am glad cyber-terrorism is dead last. I am surprised to see outside hacking ranked so high, even though I agree it should be a top three priority.

Here is the list I would create (if I had to call these "threats;" many of these are not "threats." I rank these "problems" or issues using a mixture of likelihood and damage inflicted. I do not agree with all the categories presented, but here is my best assessment.

   1. Viruses and Worms
   2. Outside Hacking or Cracking
   3. Spyware
   4. Denial of Service
   5. Insider Threats
   6. Identity Theft and Phishing
   7. Social Engineering
   8. Zero Day Threats
   9. Spam
  10. Wireless and Mobile Device Viruses
  11. Cyber-Terrorism

Also according to John, "More than half the respondents said they preferred buying 'best-of-breed' products from multiple technology providers while a third of those quizzed preferred integrated security suites, a preference catered for by a growing list of firms selling integrated security appliances."

By the way, I contacted Gartner about covering the summit for this blog and they completely ignored me. Thanks guys! So much for "new media" and the "blogosphere."

Comments

Anonymous said…
Arrgh! another bogo-survey based on a self-selected sample. Surveys in which the respondent base is uncontrolled, may be biassed, and is self-selected are actually worth less than no survey at all.

On the other hand, since it's a Gartner survey, they probably just made the numbers up anyhow, so survey methdologies aren't very important in this case.

mjr.
11:37 PM
Anonymous said…
Making a list of biggest threats depends on "what's your threat model?" Which has a very important component, being "Who are you?"

Users who are being phished via their secure browser are obviously going to put phishing at the top - if they know about it. Users who have heard that malware slows down their PC will say that is worst. Companies that have to pay for IDS, firewalls experts, audits and whathaveyou will say they are the worst, even if they are being raided by trojans and don't know it!

Every one has a different threat exposure. There is no way to easily sidestep the need to analyse ones own threats, except by disengaging...
10:14 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more