Comments on: GFI Survey – 4 in 10 US Companies are NOT Secure!

By: eM3rC

eM3rC — Tue, 12 Feb 2008 02:05:36 +0000

@Sir Henry/J. Lion

Total agreement with you. If a company posses any kind of sensitive data (ie any customer information which is pretty much every company in existence) it should do whatever it can to protect its clients. Although it may seem like an extra cost for the company it is worth every cent.

By: Sir Henry

Sir Henry — Mon, 11 Feb 2008 23:10:11 +0000

@J.Lion:

If your company has sensitive data, or a need to keep some portion of its data private or secure, then security it not only for big companies. I really do not think security it only for big companies, simply for the fact that data, regardless of the company size, has commensurate value to someone out in the wild.

By: J. Lion

J. Lion — Mon, 11 Feb 2008 23:04:27 +0000

Well – security is only for the big companies. It won’t happen to us. (fingers crossed)

By: eM3rC

eM3rC — Thu, 07 Feb 2008 05:21:55 +0000

This article seems very fascinating to me. I think the numbers of vulnerable computers (in companies of course) would be much higher than 40%. Of the companies that I have worked at, many of the computers were not protected by any kind of malware software, while other only had an 8 year old version of norton. To battle this I think many companies should be warned of the malware world and how serious it actually is.

As our society begins to become more and more dependent on computers the complexity of the threats will constantly change and become more hazardous. It needs to be brought into focus now and addressed to the best of companies abilities regardless of the cost (could hundred dollars is a far better loss than all the companies records).

@Sir Henry
I am not surprised you were able to get in. I bet of the computers reviewed security wise you would be able to get into 99% of them. Shows you how good their ITs are.

By: Nobody_Holme

Nobody_Holme — Fri, 11 Jan 2008 11:58:36 +0000

@Ubourgeek
I hate to mention it, but most US government groups get owned on a regular basis…
If security outside is that much worse, I’m quite worried.

Also, there can never be true security without a deadly lack of interaction. Its a conundrum faced by all security experts (of all times since like, the gate guards on some ancient castle, say, and that food wagon with a spy driving it).

By: Pantagruel

Pantagruel — Thu, 10 Jan 2008 11:27:59 +0000

@Sir Henry.

Absolutely true. The sad thing is that the perimeter security is quite ok, the division in question is behind a badge reader and very few people slip in in someone else’s ‘slipstream’ . People did receive some education about not letting in unknown colleague’s who seem to have forgotten their badge.

Again true, only a few years ago we started experimenting with device controle and it was quite simple. Anything but the stick acquired from the solution provider would work, severely hampering donglefied software (I personally hate that stuff). After some switched our dept’s latest solution is indeed more intelligent, allowing other devices to be entered into the white list (or blacklisting when users misplace their stick) and logging of transmissions is supported.

No in/output puts us back in the proverbial dark-ages, somewhat useless with the amopunt of data we generate and process using a computer.

By: goodpeople

goodpeople — Wed, 09 Jan 2008 19:20:22 +0000

Oh, the computer can have input nd output. As long as it’s not connected to anything else than the power grid. The external connections is where the danger lies.

And for being an addict.. I don’t go on vacation where my PDA doesn’t have GPRS coverage.. :-/

By: Sir Henry

Sir Henry — Wed, 09 Jan 2008 18:46:47 +0000

@James:

I am sure that such a machine would be extremely boring, too. I am such an addict when comes to being online.

By: James

James — Wed, 09 Jan 2008 18:45:06 +0000

and im not sure such a machine would be that user friendly.

By: James

James — Wed, 09 Jan 2008 18:43:03 +0000

the only secure computer is one with no input/output