Cyber Security Institute


Wednesday, August 07, 2013

Concerns Over Cyber Security Risks Outweigh Traditional Risks for Large Firms: Study

The study, titled “Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age” and conducted by Experian Data Breach Resolution and the Ponemon Institute, reported that 41 percent of large businesses (those with 500-plus employees) believe cyber security risks are greater than other insurable business risks such as natural disasters, business interruption and fires. Despite growing concerns over cyber security, the study also found that less than one-third of respondents (31 percent) have purchased cyber insurance coverage. However, those firms that do not currently have insurance coverage – more than half of all survey respondents (57 percent) – indicated they plan to purchase cyber security coverage in the near future. Of the 56 percent of respondents that had breaches, the average cost of these incidents was reported at $9.4 million in the last 24 months.


Wednesday, June 26, 2013

Mobile malware attacks grow 614% in year to March - study

Attacks on mobile devices increased 614 percent between March 2012 and March 2013, compared to 155 percent growth a year earlier, according to Juniper Networks. Nearly 73 percent of malware are Fake Installers or SMS Trojans, which exploit holes in the nascent mobile payment systems. These threats either trick users or secretly send text messages to premium numbers set up by attackers to turn a quick profit.


Thursday, May 09, 2013

Cyber crime hits most Canadian businesses

Sixty-nine percent of Canadian companies have reported some kind of cyber attack over the past year, indicating that cyber crime is fairly prevalent among Canadian businesses, according to a study released Wednesday.


Wednesday, May 08, 2013

Few businesses appear ready to defend themselves from cybercrime, report finds

Few companies may be ready to handle an attack from criminals lurking in cyberspace, and fewer know about the government’s three-year-old cyber-security efforts, according to a national study. The study’s authors concluded that results, while only a small snapshot of the millions of businesses big and small in Canada, point to gaps in how companies protect themselves from cybercrime, a finding that could be chalked up to little monetary damage to companies that fall victim to hackers. The cost of cybercrime to those businesses that fell victim to an attack was low, on average about $14,000 per incident, according to the companies surveyed. Cybercrime victims also reported little effect on their business reputation, according to the study from the International Cyber Security Protection Alliance, a non-profit group based in the U.K. Experts suggest that financial-effect figures may have to rise dramatically before small- and medium-sized businesses beef up their IT defences, since few appear ready to defend themselves from attackers.


Stats confirm malware built at record rates

The anti-virus maker’s research arm, PandaLabs, found that between January and March of this year, more than 6.5 million new malware strains were built, with trojans comprising 75 percent of those.   In total, trojans were responsible for 80 percent of global computer infections – a record – far outpacing worms, viruses and adware. Across the globe, researchers discovered that more than 31 percent of PCs have been seeded with malware, with machines in China experiencing the highest infection rates (around 50 percent).   In the United States, PandaLabs said 28 percent of computers are infected nationwide, numbers that roughly correspond to previous versions of the report.



Tuesday, April 23, 2013

China accounts for 41 percent of global computer attack traffic

A new security report points the finger at China as the main source of malicious computer attacks — and puts the United States in second. In a report due to be released today by Akamai Technologies, the security firm says that the Asian country is accountable for 41 percent of all global computer-attack traffic. According to the report, the U.S. comes in second as a major source of cyberattacks, and is responsible for ten percent of all global attack traffic. Turkey, although not often associated with cyberattacks, came in third in Akamai’s report, with apparently 4.7 percent of all hacking traffic originating from the country. Russia was given fourth place with 4.3 percent of cyberattack originations and Taiwan came in fifth, claiming 3.7 percent of the world’s attack traffic.



IT Professionals Say Employees Ignore Security Rules

There are best practices for securing access to critical systems and data that many organizations tend to ignore, the survey found. The vast majority (81.4 percent) of IT security staff think that employees tend to ignore the rules that IT departments put in place, and more than half (52.2 percent) of the same respondents said they believe that employees would not listen more even if IT directives came from executive management, rather than IT, according to a survey by identity management and security management specialist Lieberman Software. More than 70 percent of IT security professionals would not be willing to bet $100 of their own money that their companies will not suffer a data breach in the next six months.



75 percent of cyber attacks are opportunistic

Verizon’s 2013 Data Breach Investigation Report posited that 75 per cent of hackers target a website purely because its security systems are weak, which puts even more pressure on businesses to make sure that their defence systems and protocols are up to date and thorough. A large number of data breaches (45 per cent) came from customer service workers whose lack of security knowhow or training meant that they were often easy targets for hackers. Worryingly, two thirds (66 per cent) of all breaches took months (62 per cent) or even years (4 per cent) to discover, making the criminals even harder to track.



Wednesday, March 27, 2013

Antivirus apps knocked in malware report

The Palo Alto report examined malware samples collected by the company’s WildFire platform against fully updated antivirus products from six top enterprise antivirus vendors. It found web-based malware remained hidden for an average of 20 days before being detected, as opposed to five days for email-based malware, while 94 per cent of the undetected malware was delivered via web browsing or web proxies.


Wednesday, February 20, 2013

RSA estimates 2012 global losses from phishing at $1.5 bn

RSA, the Security Division of EMC, announced the findings of its January 2013 Fraud Report, estimating the global losses from phishing at $1.5 bn in 2012. ... The total number of phishing attacks in 2012 was 445,004, while in 2011 it was 258,461. The overall trend in attack numbers showed a steady rise in volume throughout the year, reaching an all-time high in July with 59,406 attacks detected in a single month. The most prominent market trends relevant to the mobile channel have to do with the growth in mobile device usage in personal and work life and the pivotal role of mobile apps.


Ponemon Institute Research Reveals Cyber Attacks on Trust Can Cost Every Global Enterprise Up to $39

Ponemon Institute and Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today announced the 2013 Annual Cost of Failed Trust Report: Threats & Attacks.  This new annual report provides the first extensive examination of how failure to control trust in the face of new and evolving security threats places every global enterprise at risk. The most essential of these technologies are cryptographic keys and digital certificates, which provide the foundation of trust for the modern world of secure communications, card payments, online shopping, smartphones and cloud computing. Clear and present danger to cloud computing: Respondents believe difficult-to-detect attacks on Secure Shell (SSH) keys, critical for cloud services from Amazon and Microsoft, present the most alarming threat arising from failure to control trust.


Wednesday, February 13, 2013

Retailers were favorite target of cyber crime in 2012 Dubai Chronicle

In 2012, the retail industry was the most preferred target of cyber crimes. But it must be clear that the main target is not exactly the retail. The statistic goes on with food and beverage industry registering 24% interest from cyber criminals. Yet, they are the favorite target of cyber criminals. 96% of all cyber frauds target payment data. These include customer records like credit and debit card data, e-mail addresses and personally identifiable information.


Thursday, February 07, 2013

Nearly a third of all computers are infected with malware

With the addition of 2012’s numbers, the grand total of all malware samples in PandaLabs’ database has reached approximately 125 million and researchers estimated that at least 27 million new strains of malware were created in 2012 alone. Trojans continued to account for most of the new threats, comprising three out of every four new malware strains created in 2012. One of the reasons for this growth was the increased use of exploit kits such as Black Hole, which are capable of exploiting multiple system vulnerabilities to infect computers automatically without user intervention.


Sunday, February 03, 2013

Most attacked computer ports revealed

Akamai released its Q3 2012 State of the Internet report recently, revealing that port 445 (Microsoft-DS) has been the top targeted port among cyber attackers. The report showed that during the third quarter of 2012, Akamai observed attack traffic originating from 180 unique countries or regions, down from 188 in the prior quarter. Nearly 51% of observed attack traffic originated in the Asia Pacific/Oceania region, just under 25% in Europe, just over 23% in North and South America, and slightly more than 1% from Africa.


Thursday, January 31, 2013

DDoS attack sizes plateau, complex multi-vector attacks on the rise

Arbor Networks released its 8th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today’s network operators. Based on survey data provided by network operators from around the world, this annual report is designed to help network operators make more informed decisions about their security strategies as they relate to the integrity of mission-critical Internet and other IP-based infrastructure. The increase in botted hosts is not surprising given the number and complexity of malware variants that exist, their rate of evolution and the consequent inability of Intrusion Detection Systems (IDS) and Anti-Virus (AV) systems to fully protect them.


Thursday, February 09, 2012

Service providers lack confidence in LEAs

Arbor Networks’ 7th annual Worldwide Infrastructure Security Report presents a view of 2011 security through the eyes of the providers: ISPs, hosting companies, and service providers. “Ideology was the most common factor for DDoS in 2011,” it notes, “followed by a desire to vandalize.”  Since we have seen hacktivists willing to issue a general ‘call to arms’ and even provide the tools to take part in attacks, it represents, concludes Arbor, ‘a sea-change in the risk-assessment model’ for both network operators and their customers.


Thursday, April 28, 2011

Symantec announces April 2011 MessageLabs Intelligence Report

This month’s analysis reveals that targeted attacks intercepted by rose to 85 per day, the highest figure since March 2009 when the figure was 107 per day in the run-up to the G20 Summit held in London that year. MessageLabs Intelligence has also revealed that shortened URLs have become increasingly popular recently, being used to lure people to click on advertising links, a practice known as click-fraud. In April, 1 in 168.6 emails contained malware and targeted attacks accounted for approximately 0.02% of these.


Monday, October 11, 2010

Most large companies hit by hack attacks, survey shows

That’s what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.  The Sixth Annual Enterprise IT Security Survey, released Monday, found that 67% of large companies with 5,000 or more employees reported one successful intrusion or more this year, compared with 41% in 2009.  For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.


Tuesday, August 10, 2010

Tallying the Cost of Cyber Crime

The scheming of cyber criminals now has a price tag: a median cost of $3.8 million (U.S.) per organization, according to researchers at the Ponemon Institute, which took an in-depth look at both the cost and the frequency of cyber crime at the behest of security software specialist ArcSight Inc. The First Annual Cost of Cyber Crime Study, published earlier this month, comes with an important caveat: the Ponemon/ArcSight study was extremely limited in scope and is based on just 45 U.S. organizations. On the other hand, researchers met with and interviewed participants instead of simply surveying them.


Tuesday, May 18, 2010

USB Worm No. 1 Malware: McAfee Report

USB worms have taken the No. 1 spot for top malware in the world, according to a McAfee threat report, released Tuesday.  In addition, the “McAfee Threats Report, First Quarter 2010” indicated a trend of diploma spam coming from China and other Asian countries, while spammers are continuing to exploit high-profile news events, such as the Haiti earthquake, by poisoning search engines.  Finally, the report found that U.S.-based servers continue to host the majority of malicious URLs.


Wednesday, May 12, 2010

IT People Still Hazy About Clouds, Study Says

If you don’t have a grip on cloud services and security in your organization, you are not alone, according to a study published today.  According to a survey conducted by Ponemon Institute and sponsored by CA, more than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services deployed in their enterprise today.


Thursday, April 08, 2010

Cloud computing risks outweigh benefits, survey finds

A new survey is finding a continued level of angst among IT professionals administering cloud computing projects within their organizations.  The survey of more than 1,800 U.S.-based IT professionals found that 48% said Software as a Service (SaaS) and cloud computing risks outweigh the benefits.  The survey was conducted by Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), the IT security governance organization that administers security certifications.


Wednesday, April 07, 2010

Outsourced security extends to wealth of services, study finds

Interest is growing in non-traditionally outsourced security technologies, including log management and patch and configuration management.  The market for security services providers grew by about 8% in 2009, despite the economic turmoil that stagnated some security budgets.  And the growth is not necessarily all about cutting costs, said Khalid Kark, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc.  More important to most enterprises is 24x7 protection and increased security competency that many service providers can offer.


Monday, April 05, 2010

Microsoft Cyber Security Survey Finds Businesses’ Most Valuable Data at Risk

While many IT departments are spending significantly on compliance and protection from accidental leaks of “custodial data,” most are not investing enough in protecting their organizations’ most important secrets. That’s according to a new Forrester Consulting survey funded by Microsoft and RSA. According to the researchers, who surveyed 305 IT security decision makers globally, two types of business data need to be secured. Refocusing corporate cyber security while maintaining compliance: In the report, Forrester, Microsoft (NASDAQ: MSFT) and RSA, the security division of EMC (NYSE: EMC), provided a set of recommendations to help IT security organizations address rebalancing security priorities.


Security spending survey finds misaligned IT security budgets

Many enterprise IT security budgets may be focused too heavily on protecting credit card data and customer personal information rather than safeguarding more valuable corporate secrets.  For most enterprises, secrets are more valuable than custodial data.  That was the conclusion of a global survey of 305 people with primary responsibility over IT security budgets, conducted by Forrester Research Inc. CISOs value company earnings and financial information the most, yet the majority of IT security spending is aimed at protecting less valuable data, according to the survey, which was commissioned by Microsoft and RSA, the security division of EMC Corp.


Wednesday, March 03, 2010

Database Security Lacking at Financial Services Firms

Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers’ and employees’ privacy at risk, according to a new study from the Ponemon Institute.  The study, commissioned by enterprise software and consulting firm Compuware (NASDAQ: CPWR), identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust.


Tuesday, March 02, 2010

Symantec Chief Says Cloud Security the Next Step

With enterprise data growing at an overall rate of 60 percent per year, it’s time to take a closer look at that information and determine its economic value.  Because if we don’t, the bad guys certainly will.  That was the warning from Symantec (NASDAQ: SYMC) CEO Enrique Salem, speaking here at the RSA Conference 2010.  He warned that as computing power moves out to the cloud, that will drive a need for digital devices to provide you with greater access to that data.  But, he added, mobile devices are increasing in importance along with cloud computing, and they require new security methodologies to deter data theft.


Wednesday, February 24, 2010

Most Enterprises Worldwide Hit by Cyber Attack in 2009

Enterprises are well aware of growing security threats to their organizations, but so far have lacked the resources and staff to deal with increasingly sophisticated and malicious cyber attacks, according to Symantec’s latest “State of Enterprise Security” study.  The telephone survey conducted in January contacted 2,100 businesses and government agencies in 27 countries and found that 100 percent of them had experienced cyber losses of some type in the past year.  The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information that resulted in monetary loss in 92 percent of instances.


Friday, January 08, 2010

CSI Computer Crime and Security Survey Shows Poor Security Awareness Training in Public and Private

It’s no secret that security pros worry about cyber-attacks that can happen anytime in a networked world, but apparently, they also worry about how much end-users know about good computer hygiene and their organizations’ abilities to assess how secure they are - or aren’t.  The Computer Security Institute (CSI), which holds conferences and educational events for IT workers, released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009, with an assessment of how respondents felt about their own cyber-security situations and what that assessment may mean for 2010.  A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.


Thursday, December 10, 2009

CA Inc: CA Report: Fake Security Software, Search Engines and Social Networks 2009’s Top Internet Th

The latest State of the Internet 2009 report issued today by CA, Inc. (NASDAQ: CA) states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats.