Cybersecurity report card–serious improvements needed
IT security is under siege. At this juncture, the intruders have the upper hand, and they are taking advantage of increasingly sophisticated tools and unsophisticated IT organizations and users. A Computer Security Institute and Federal Bureau of Investigation survey of 500 U.S. companies shows an increase in reported financial losses of 21 percent, or $455.8 million, for 2002. In addition, those losses are increasingly the result of organized, planned cyberattacks. Gartner predicts that by 2005, 60 percent of security breach incident costs incurred by businesses will be financially or politically motivated. In light of the state of cybersecurity, I devised a report card for the various players involved in the security ecosystem. The key players include hackers, software developers, the security industry, Microsoft, government, IT organizations, and end users. What follows is the report card for each player involved in either perpetrating or preventing cyberattacks. The criteria for the grades is based on an assessment of each player’s progress over the last year in improving its security profile or, in the case of hackers, an ability to perpetrate security breaches.