GartnerG2 Says Enterprises are Not Doing Enough to Prepare for Cyberattacks

Analysts Examine Security Issues during Gartner Symposium/ITxpo

SAN DIEGO, CALIF., May 01, 2002 – Through 2005, 90
percent of cyberattacks will exploit known security flaws for which a patch is available
or a solution known, according to GartnerG2, a research unit of Gartner, Inc. (NYSE: IT
and ITB). Gartner analysts presented their outlook for cyberattack prevention today at
Gartner Symposium/ITxpo in San Diego, California.

GartnerG2 analysts said that not only are there patches
available before the cyberattacks, but 90 percent are imitation attacks. Also, recent
cyberattacks could have been avoided if enterprises were more focused on their security efforts.

“Nearly every major attack to hit the headlines
involved the exploitation of known security flaws for which a patch or defense was widely
known,” said Richard Mogull, research director for GartnerG2. “Estimated losses
from Code Red and Nimda were in the billions of dollars, yet Code Red exploited a flaw for
which a patch was available, proving that we never learn from our mistakes. Nimda
exploited the same flaw just a few months later. Both continue to survive on the Internet today.”

Through 2005, 20 percent of enterprises will experience a
serious (beyond virus) Internet security incident. Of those that do, the cleanup costs of
the incident will exceed the prevention costs by 50 percent.

Many enterprises are trying to prepare for cyberattacks and
identify the problem areas. GartnerG2 has identified the top 5 IT vulnerabilities to cyberattacks.

  • Security of suppliers and partners

  • No benchmarking (spending and value)

  • Security not integrated into projects

  • Poor governance and culture

  • Lack of risk management integration

Security must be proactive to be effective. Enterprises
need to develop incident response procedures, and monitor the right sources to detect an attack.

“A proactive security posture doesn’t mean you attack
hackers before they attack you, it means you have a well-developed response plan and keep
looking for the early indications of an attack,” Mogull said.

“Increase the enterprise’s overall security posture.
Develop an internal response plan and aggressively monitor Internet activity on all
systems, especially firewall and intrusion detection logs,” Mogull said.
“Evaluate established security plans in light of recent events, and update as needed.
If no CIRT exists, consider forming one or contracting with an external provider to evaluate systems.”

Gartner Symposium/ITxpo 2002 is being held April 29-May 2
at the San Diego Convention Center in San Diego, California. Gartner
Symposium/ITxpo is the IT industry’s largest and most strategic conference, providing business
leaders with a look at the future of IT. For more details on Gartner Symposium/ITxpo 2002, visit
or call 1-800-778-1997.

About Gartner, Inc.

Gartner, Inc. is a research and advisory firm that helps
more than 11,000 clients understand technology and drive business growth. Gartner’s
divisions consist of Gartner Research, Gartner Consulting, Gartner Measurement and Gartner
Events. Founded in 1979, Gartner, Inc. is headquartered in Stamford, Connecticut, and
consists of 4,300 associates, including 1,200 research analysts and consultants in more
than 90 locations worldwide. The company achieved fiscal 2001 revenue of $952 million. For
more information, visit

For complete results of the survey, “The E-Frontier 2002: Continuing Threats
to Corporate Risk Management,” log on to