RSA(R) Conference 2004 Announces Results of the 2nd Annual Internet Insecurity Index
February 25 2004 - 4:01PM
PR Newswire (US)
RSA(R) CONFERENCE, SAN FRANCISCO, Feb. 25 /PRNewswire-FirstCall/ --
Organizers of the RSA(R) Conference 2004,
the world's leading information security event, released the
results of the 2nd annual Internet Insecurity Index during opening
ceremonies at San Francisco's Moscone Center on Tuesday, February
24, 2004. The RSA Conference Internet Insecurity Index is a
compilation of key information security developments over the past
year as reported by various news sources and agencies. While not a
precise scientific gauge, it provides some measure of direction to
help conference attendees and security industry professionals
answer the question: Is information security improving? The higher
the overall score in a given category, the higher the level of
insecurity. The RSA Conference takes place February 23-27, 2004.

The RSA Conference Internet Insecurity Index is broken down into
six general areas: Hacks, Attacks and Flaws; Threats; Internet,
Crime and Fraud; Internet Users and ISPs; Information Security
Industry; and Government. When evaluating events and issues within
each category, a higher score equates to a higher level of
insecurity. In 2003, the overall rating was a "6". The index
results for this year are detailed below, with some of the relevant
findings:

Hacks, Attacks & Flaws: The number of incidents reported to the
CERT Coordination Center increased 40 percent in 2003. In August
2003, enterprises saw a rapid fire of virus attacks - "Blaster" and
"So Big" viruses came with a $3.5 billion price tag, and are
estimated to be responsible for more than 2 million infections.
Fifteen states enacted new spam legislation in 2003, resulting in a
total of 38 states that now have some form of legislation on the
books. The U.S. Congress also enacted the CAN-SPAM Act of 2003,
providing for labeling requirements and opt-out instructions for
unsolicited emails. The legislative activity has not yet provided
users with an appreciable difference in spam messages.
RATING: 8 (same as last year)

Threats: Technology
and government expansion of its online surveillance authority is
making it easier to track and store data about people's web habits.
While some view efforts to authenticate users as counterintuitive
to the anonymity which was the touchstone that built the web,
others view it as a way to legitimize the web as a social and
commerce tool. A recent survey sponsored by Business Software
Alliance and the Information Security Systems Association found
that 65% of information security professionals believe that their
organizations are at risk of a major cyber attack in the next 12
months. Exploits are following an accelerated growth path. Three
years ago, the time delay between discovery of a vulnerability and
exploit was 500 days. Now it's fewer than 40 (e.g., the
vulnerability exploited by the Blaster worm was discovered less
than 30 days before the worm appeared).
RATING: 8 (same as last year)

Internet
Crime & Fraud: Identity theft topped last year's Index as the
fastest growing Internet crime-related segment. It's back this
year as the most common complaint received by the Federal Trade
Commission. Internet-related fraud now accounts for 55% of the more
than 500,000 complaints filed with the agency, up from 45% in the
prior year. Hackers are successfully planting Trojan horse viruses
in seemingly harmless email attachments. The Trojan horse allows
the hacker to take over the victim's computer and plant viruses,
pornography or other illegal materials.
RATING: 8 (up from 7 last year)

Internet Users and ISPs: In the Internet users and ISPs
portion of the index, poor patch management is a common theme, with
many individuals and businesses failing to ensure that their
computers have the latest patches from software companies - as was
the case with the Blaster worm outbreaks - but also failing to take
basic steps that would prevent dangerous data traffic from crossing
their networks. Information security providers, Internet service
providers and network administrators share blame here - and the
industry recognizes that patches need to be easier to install and
distribute. There is an inverse relationship between organizations
strengthening security and a user's desire for convenient access.
The more corporations try to improve security, the more
inconvenient the access becomes for users, and the more users
unwittingly weaken the security system (e.g., writing cryptic
passwords on post-its and attaching them to computer screens; or
losing passwords and then flooding the help desk with password
reset calls). Strong security needs to become single and seamless
for users.
RATING: 6 (same as last year)

Information Security
Industry: Frustration can sum up how most users feel about Internet
security in 2003. Advocacy groups are proposing everything from
legislation that would allow customers to sue companies over
security loopholes in products to new tracking systems that would
make it impossible to use the web anonymously. The web is a truly
international medium, limiting the enforcement ability of any
regulations. Organizations are looking for relief from
administrative burdens and overhead associated with maintaining
multiple identities on disparate systems, and are looking to
identity management systems to resolve these issues, and to help
make them compliant with new laws and regulations such as the
Sarbanes-Oxley Act and the Health Insurance Portability and
Accountability Act ("HIPAA"). In November, Microsoft announced the
creation of the Anti-Virus Reward Program, initially funded with $5
million, to help law enforcement agencies identify and bring to
justice those who illegally release damaging worms, viruses and
other types of malicious code on the Internet. Microsoft has
offered $250,000 rewards for culprits of the "Blaster," "So Big"
and "My Doom" viruses.
RATING: 6 (up from 4 last year)

Government:
Critics snubbed the United States' cyber-security policy (the
National Strategy to Secure Cyberspace) as largely voluntary and
lacking regulatory prescriptions. A coalition of government and
private corporations says it is close to unveiling a framework and
tools that will help bolster the nation's vulnerable networks. The
first product of their work will be released in March of this year.
Ridge, "a few lines of code": In a speech to the IT industry, Tom
Ridge emphasized that everything from electricity grids to banking
transactions and telecommunication depends on secure, reliable
cyber-networks, and terrorist groups "know, as do we, that a few
lines of code could ultimately wreak as much havoc as a handful of
bombs." In the annual report card of agencies' cyber-security
programs, the Federal government "improved" its
overall rating from an "F" to a "D" grade. Somewhat surprising was
the "F" rating for the new Department of Homeland Security ("DHS"),
whose mission includes promoting cyber-security nationwide. That
score, the first for DHS, may be influenced by the agency's
nascence and ongoing organization, having only opened its doors in
March 2003.
RATING: 6 (was 4 last year)

The overall rating for the
RSA Conference Internet Insecurity Index for 2004 was a "7",
indicating the landscape for information security has worsened
slightly from 2003. "Information security has become one of the
most critical issues for industry, academic and government
officials over the past year," said Sandra Toms LaPedis, area
vice president and general manager of the RSA Conferences. "The
ratings identified in each category for the Internet Insecurity
Index underscore the importance of events such as the RSA
Conference, and the need for organizations to continue to focus on
improving standards and technologies for the security industry."

Sponsors, Registration and Attendance

Attendees can participate in
more than 200 class sessions on solutions and best practices. They
will also gain access to the largest information security
exposition, including more than 250 vendors covering approximately
140,000 square feet. Sponsors of the 2004 RSA Conference include,
Platinum Sponsors: Computer Associates, Hewlett-Packard, Microsoft,
RSA Security, Sun Microsystems, Symantec, TippingPoint and
VeriSign; and Gold Sponsors: Shavlik Technologies and Verdasys.
Full Conference fees include access to all four days of general
sessions and class tracks, exhibits, evening receptions and
giveaways. Qualified members of the media receive complimentary
admission with advance registration. Registration and additional
information are available on-site at Moscone North.

About the RSA Conference

Now in its 13th year, the RSA Conference brings together
decision-makers and influencers from all major markets, including
consumer, education, financial, government, computer networking,
telecommunications, Wall Street and the media for one of the
industry's premier e-security and cryptography events. Later in the
year, RSA Conference 2004 continues in Japan and in Europe. For
more information, visit http://www.rsaconference.com/. RSA is a
registered trademark or trademark of RSA Security Inc. in the
United States and/or other countries. All other products and
services mentioned are trademarks of their respective companies.

Media Contact: Tamara Burnett, McGrath Power, 408.727.0351
Sponsor & Exhibit Contact: Wendy Anderson, Nth Degree, 978.579.2042

DATASOURCE: RSA Conference
Web site: http://www.rsasecurity.com/ http://www.rsaconference.com/