How scared should you be about security statistics

Did you know the number of crimeware-spreading Web sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, according to the APWG (formerly Anti-Phishing Working Group) coalition

Or that costs rose to US$6.6 million per breach last year, up from $6.3 million in 2007, according to the . Or that 3% to 5% of enterprise desktops and servers, mainly Windows, are apt to be infected with botnet code, according to security firm , based on an analysis of its customers' network traffic

News reports are filled with such disturbing statistics culled from any variety of sources, but do IT managers find themselves worrying about it all

"We all pay a little bit of attention," says Jeff Keahey, CIO at Wardlaw Claims, the Waco, Texas, property and auto claims insurance adjuster. "But we try to evaluate their bias."

In general, it usually looks like someone is trying very hard to "get you to lean toward a certain product" and "a lot of statistics come with an advertisement in tow," he notes.

Though he does take it all with a grain of salt, Keahey says he may look at security statistics as a general guideline about trends, and they may have some influence in deciding directions to take in countering threats.

Zur Startseite