By Jan Bervar Posted Thursday 20th April 2006 14:29 GMT
All the data you post has little to do with hackers, or focused attacks against your data. These contingency plans typically translate into geographically distributed datacenters, which are mainly there to protect you against natural disasters. As they typically try to mirror a site's functionality on another site, a focused network attack against a site is very likely to be successful at the backup site as well. And guess what - people started building them not because they would necessarily need them, but because they were regulated by governments or international consortia (Basel II/BS27001/SOx/....).
Acceptable use and email policies defend you against your own people. Password policies? There are no effective password policies that I know of, and that actually work. There is basically no mention of any security process or technology (such as data classification, segregation, least privilege, defense in depth, etc.) that would address focused ("hacker") attacks against one's data in this article, and I feel ElReg should review its journalism standards, and not quote vendor survey results (which are always used to set up some agenda of their own).
Good security is about knowing what you need, and not waiting until you get regulated or doing the thing everybody else seems to be doing.
Sounds like we're winning the war against apathetic managers, not against hackers #
By Gordon Fecyk Posted Thursday 20th April 2006 17:17 GMT
The article reads more like a victory against "reactive" managers who only pay for computer security after the fact, rather than against "hackers." This is good, but the article title is misleading.
We're also missing the numbers from prior surveys. What percentage of managers were reactive in 2005? In 2004? In late 2001? I'd like to see a trend in changing attitudes before declaring victory over hackers, managers, or anyone else.
By Anonymous Coward Posted Thursday 20th April 2006 22:54 GMT
They're beating me,
we have to tell them every month that we won't be able to support the system if they insist on paranoid delusions. I will soon write my 10+ passwords on the wall so I can function professionally. Should security really be implemented by morons that think that making life difficult in the most mundane way for people that need to do a job is really helping?
The number of security vulnerabilities being found, and the range of applications and platforms affected, is definitely not shrinking. The sophistication of organized criminals improves constantly. As the popularity of rootkit technology skyrockets, the total number of compromised computers is unknown but definitely growing.
So are we winning the war against hackers? Just as surely as we're winning the war in Iraq...
We are not winning if spam, phishing, and botnet threaten consumers and business worldwide #
By Anonymous Coward Posted Friday 21st April 2006 16:10 GMT
I like John Leyden's columns in general and agree that companies are doing the basics better and more consistently. However, hackers are just moving to attack targets of greater value - so we aren't winning as a society, even if businesses secure their network perimeter. We are not winning if spam, phishing, and botnet threaten consumers and business worldwide. The volume of spam continues. Phishing is a serious threat to consumers and businesses - just check the number of phishing e-mails out there about every major bank, securities dealer, and money transfer service. Botnet threats are still undetermined. Extortion of businesses still exists. There is almost no cross-border control. Spam is still simple to generate. The idea that we are safe, when hackers simply focus on targets of higher economic value is just nonsense. Businesses are one step above clueless. Consumers continue to be generally clueless. Individuals are still willing to give up personal information for chocolate (reported recently that 80% would, http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2006/04/19/nbogus19.xml&sSheet=/news/2006/04/19/ixhome.html) or are willing to insert mystery CDs in their corporate computers that were just given to them on the street (also reported recently http://software.silicon.com/security/0,39024655,39156503,00.htm).
Comments on: We're winning the war against hackers
uh huh. #
By c0redump Posted Thursday 20th April 2006 13:47 GMT
We are NOT winning... far from it. #
By Jan Bervar Posted Thursday 20th April 2006 14:29 GMT
Sounds like we're winning the war against apathetic managers, not against hackers #
By Gordon Fecyk Posted Thursday 20th April 2006 17:17 GMT
Winning the war against.... #
By Anonymous Coward Posted Thursday 20th April 2006 22:54 GMT
Sure we're winning #
By mdubh Posted Friday 21st April 2006 09:38 GMT
We are not winning if spam, phishing, and botnet threaten consumers and business worldwide #
By Anonymous Coward Posted Friday 21st April 2006 16:10 GMT