Softletter's Marketing and Selling SaaS Seminar, 2008 January 30/31, Atlanta, GA
Dear Colleague: As you may know, Softletter, now in its 23rd year of publication, publishes a series of surveys that examine every aspect of running a successful software business. This survey, conducted in cooperation with Prolexic (www.prolexic.com) covers website security and up time. As you are undoubtedly well aware, doing business online can be a dangerous exercise. Recent security breaches involving the states of Massachusetts, Vermont, Connecticut etc., the massive loss of data at TJ Max, and a recent phishing attack at Salesforce.com only highlight the current state of online security affairs. This survey looks at the three principal sources of website security breakdowns and breaches. These are: DDoS attacks. Distributed Denial of Service attacks are a class of online assault that use compromised PCs and servers to overwhelm a company’s websites and web applications. The object of a DDoS attack is to generate a torrent of incoming messages to a website that forces it offline, thereby denying legitimate visitors and customers access to the site/system. Hacking attacks. Hacking attacks use password theft, backdoors, SQL injection, viruses, trojans, bots, et al to allow an external party to gain direct control over the functions and data of a site or damage or prevent it from operating properly. Phishing/Social Engineering attacks. Phishing/Engineering attacks attempt to manipulate or trick an individual(s) to voluntarily provide information that will allow a third party to gain unauthorized access to a site's operations and data. We're looking for some fairly standard information and will use this data to identify trends and current benchmarks that you can use to see how your own numbers and processes compare to those of comparable companies. In addition, we analyze information based on company development stages, an important factor that allows us to establish medians for companies in different market sectors. We also break software companies into four types: Enterprise/Client Server, SaaS, Desktop/Retail and OEM. The entire survey is 25 questions and should take approximately 15 to 20 minutes to complete. Please pass this invitation along to a colleague in the industry who you feel should participate. Everyone who supplies data for this survey will receive a complimentary copy of the summary report. Of course, all responses will be strictly confidential. We won't disclose or identify data about any individuals or about participating companies. Also note that we will be sending the summary results via E-mail; if you provide us with a non-working address you won't receive them. We're sorry, we don't have the time to deal with whitelist verification and suggest you add softgram@softletter.com and rickchapman@softletter.com to your approved recipients lists to ensure you receive the survey results. Don't forget to push the Submit Survey button at the bottom of this question page, and then wait for the acknowledgement page. Final summary results will appear in our January 31st issue of Softletter. For more information on subscribing to Softletter (www.softletter.com) and Softletter publications such as the Financial and Software as a Service Handbooks, please click here. Many thanks for your help! Merrill R. (Rick) Chapman, Managing Editor Softletter 34 Sugar Hill Road Killingworth, CT 06419 860/663-0552 rickchapman@softletter.com The Softletter 2007 Website Security Survey (Please enter all monetary numbers in US$, 100,000 format, no decimals, dollar signs, or percentage symbols.)
In terms of its estimated overall negative impact on your business, please rank the security problems listed below. You do not need to have undergone one of these types of attacks to answer this question.
Phishing/ Social Engineering