If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard on November 17.

The remark was made by the National Security Agency’s information assurance director, who added that simply adhering to already known best practices would sufficiently raise the security bar so that attackers would have to take more risks to breach a network, “thereby raising [their] risk of detection.”

The Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security heard from a number of experts offering commentary on how the government should best tackle securing government and private-sector critical infrastructure networks.

The president of the Internet Security Alliance told senators that public apathy and ignorance played as much a role in the current state of cyber security as the unwillingness of corporate entities to take responsibility for securing the public’s data.

As for corporate and government entities that collect and store the public data, they “do not understand themselves to be responsible for the defense of the data,” said the president, whose group represents banks, telecoms, defense and technology companies and other industries that rely on the internet.

“The marketing department has data, the finance department has data, etc, but they think the security of the data is the responsibility of the IT guys at the end of the hall.” A 2009 Price Waterhouse Cooper study on global information security found that 47 percent of companies are reducing or deferring their information security budgets, despite the growing dangers of cyber incursions.

Source: http://www.wired.com/threatlevel/2009/11/cyber-attacks-preventable