Infosec – Failing or Succeeding?

Noam Eppel at Vivica asserts that Information Security is a total failure:

Today we have forth and fifth generation firewalls, behavior-based anti-malware software, host and network intrusion detection systems, intrusion prevention system, one-time password tokens, automatic vulnerability scanners, personal firewalls, etc., all working to keep us secure. Is this keeping us secure? According to USA Today, 2005 was the worst year ever for security breaches of computer systems. The US Treasury Department’s Office of Technical Assistance estimates cybercrime proceeds in 2004 were $105 billion, greater than those of illegal drug sales. According to the recently released 2005 FBI/CSI Computer Crime and Security Survey, nearly nine out of 10 U.S. businesses suffered from a computer virus, spyware or other online attack in 2004 or 2005 despite widespread use of security software. According to the FBI, every day 27,000 have their identities stolen.

Noam’s article is a good read if you think the Internet is safe. But a lot of folks disagree with his conclusion, and I side with them. Noam’s article is just a litany of all the doom and gloom statistics out there – like the ones you see on Slide 2 of every security vendor’s pitch.