Reported incident Stats over 14 years.

[chefer]

Looking at stats for the past 14 years, and it's interesting to see how the times have changed from the reported incidents perspective.

Check this out : Cert.org Stats

What this means : We will have to work harder and harder to keep our systems secure. There are more people getting online every day, and from every bunch that gets online, there is a handful that are going to at least dabble with known exploits, and a tiny segment that will attempt to locate new exploits. We will have to be ever dilligent in our quest to ensure we try to ensure that we catch bugs as quickly as we can, and get our systems patched and protected.

Why this seems to fail : Pathetically a number of users and admins alike are lazy. They don't want to take the time to know about how to secure their systems, nor do they want to take responsibility for their system when it becomes a problem.


Question : Should this all frighten me? I hope so, because it does and I don't want to feel like a complete @$$ for being the only one.

[zaggy]

Why this seems to fail : Pathetically a number of users and admins alike are lazy. They don't want to take the time to know about how to secure their systems, nor do they want to take responsibility for their system when it becomes a problem.

I happen to agree that there are many admins and users alike that suffer from this problem. I have had friends complain that their admins often reload programs and such rather than finding out the problem and fixing it. The bandaid method is what I call it.

Likewise though I am amazed by the amount of users that have zero interest in how to secure their systems. My own family is guilty of that, not even wanting to learn the basics. I guess something will have to happen to them before they have any desire to learn. Often their attitude is, "well that is what those guys get paid for, let them worry about it". Rather than understanding that if everyone does his/her part, everything goes smoother.