Cyber Security Institute
Statistics
Thursday, February 09, 2012
Service providers lack confidence in LEAs
Arbor Networks’ 7th annual Worldwide Infrastructure Security Report presents a view of 2011 security through the eyes of the providers: ISPs, hosting companies, and service providers. “Ideology was the most common factor for DDoS in 2011,” it notes, “followed by a desire to vandalize.” Since we have seen hacktivists willing to issue a general ‘call to arms’ and even provide the tools to take part in attacks, it represents, concludes Arbor, ‘a sea-change in the risk-assessment model’ for both network operators and their customers.
Thursday, April 28, 2011
Symantec announces April 2011 MessageLabs Intelligence Report
This month’s analysis reveals that targeted attacks intercepted by Symantec.cloud rose to 85 per day, the highest figure since March 2009 when the figure was 107 per day in the run-up to the G20 Summit held in London that year. MessageLabs Intelligence has also revealed that shortened URLs have become increasingly popular recently, being used to lure people to click on advertising links; a practice known as click-fraud. In April, 1 in 168.6 emails contained malware and targeted attacks accounted for approximately 0.02% of these.
Monday, October 11, 2010
Most large companies hit by hack attacks, survey shows
That’s what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this year to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers. The Sixth Annual Enterprise IT Security Survey, released Monday, found that 67% of large companies with 5,000 or more employees reported one successful intrusion or more this year, compared with 41% in 2009. For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.
Tuesday, August 10, 2010
Tallying the Cost of Cyber Crime
The scheming of cyber criminals now has a price tag: a median cost of $3.8 million (U.S.) per organization, according to researchers at the Ponemon Institute, which took an in-depth look at both the cost and the frequency of cyber crime at the behest of security software specialist ArcSight Inc. The First Annual Cost of Cyber Crime Study, published earlier this month, comes with an important caveat: the Ponemon/ArcSight study was extremely limited in scope and is based on just 45 U.S. organizations. On the other hand, researchers met with and interviewed participants instead of simply surveying them.
Tuesday, May 18, 2010
USB Worm No. 1 Malware: McAfee Report
USB worms have taken the No. 1 spot for top malware in the world, according to a McAfee threat report, released Tuesday. In addition, the “McAfee Threats Report, First Quarter 2010” indicated a trend of diploma spam coming from China and other Asian countries, while spammers are continuing to exploit high-profile news events, such as the Haiti earthquake, by poisoning search engines. Finally, the report found that U.S.-based servers continue to host the majority of malicious URLs.
Wednesday, May 12, 2010
IT People Still Hazy About Clouds, Study Says
If you don’t have a grip on cloud services and security in your organization, you are not alone, according to a study published today. According to a survey conducted by Ponemon Institute and sponsored by CA, more than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services deployed in their enterprise today.
Thursday, April 08, 2010
Cloud computing risks outweigh benefits, survey finds
A new survey is finding a continued level of angst among IT professionals administering cloud computing projects within their organizations. The survey of more than 1,800 U.S.-based IT professionals found that 48% said Software as a Service (SaaS) and cloud computing risks outweigh the benefits. The survey was conducted by Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), the IT security governance organization that administers security certifications.
Wednesday, April 07, 2010
Outsourced security extends to wealth of services, study finds
Interest is growing in non-traditionally outsourced security technologies, including log management and patch and configuration management. The market for security services providers grew by about 8% in 2009, despite the economic turmoil that stagnated some security budgets. And the growth is not necessarily all about cutting costs, said Khalid Kark, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc. More important to most enterprises is 24x7 protection and increased security competency that many service providers can offer.
Monday, April 05, 2010
Microsoft Cyber Security Survey Finds Businesses’ Most Valuable Data at Risk
While many IT departments are spending significantly on compliance and protection from accidental leaks of “custodial data,” most are not investing enough in protecting their organizations’ most important secrets. That’s according to a new Forrester Consulting survey funded by Microsoft and RSA. According to the researchers, who surveyed 305 IT security decision makers globally, two types of business data need to be secured. Refocusing corporate cyber security while maintaining compliance: In the report, Forrester, Microsoft (NASDAQ: MSFT) and RSA, the security division of EMC (NYSE: EMC), provided a set of recommendations to help IT security organizations address rebalancing security priorities.
Security spending survey finds misaligned IT security budgets
Many enterprise IT security budgets may be focused too heavily on protecting credit card data and customer personal information rather than safeguarding more valuable corporate secrets. For most enterprises, secrets are more valuable than custodial data. That was the conclusion of a global survey of 305 people with primary responsibility over IT security budgets, conducted by Forrester Research Inc. CISOs value company earnings and financial information the most, yet the majority of IT security spending is aimed at protecting less valuable data, according to the survey, which was commissioned by Microsoft and RSA, the security division of EMC Corp.
Wednesday, March 03, 2010
Database Security Lacking at Financial Services Firms
Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers’ and employees’ privacy at risk, according to a new study from the Ponemon Institute. The study, commissioned by enterprise software and consulting firm Compuware (NASDAQ: CPWR), identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust.
Tuesday, March 02, 2010
Symantec Chief Says Cloud Security the Next Step
With enterprise data growing at an overall rate of 60 percent per year, it’s time to take a closer look at that information and determine its economic value. Because if we don’t, the bad guys certainly will. That was the warning from Symantec (NASDAQ: SYMC) CEO Enrique Salem, speaking here at the RSA Conference 2010. He warned that as computing power moves out to the cloud, that will drive a need for digital devices to provide you with greater access to that data. But, he added, mobile devices are increasing in importance along with cloud computing, and they require new security methodologies to deter data theft.
Wednesday, February 24, 2010
Most Enterprises Worldwide Hit by Cyber Attack in 2009
Enterprises are well aware of growing security threats to their organizations, but so far have lacked the resources and staff to deal with increasingly sophisticated and malicious cyber attacks, according to Symantec’s latest “State of Enterprise Security” study. The telephone survey conducted in January contacted 2,100 businesses and government agencies in 27 countries and found that 100 percent of them had experienced cyber losses of some type in the past year. The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information that resulted in monetary loss in 92 percent of instances.
Friday, January 08, 2010
CSI Computer Crime and Security Survey Shows Poor Security Awareness Training in Public and Private
It’s no secret that security pros worry about cyber-attacks that can happen anytime in a networked world, but apparently, they also worry about how much end-users know about good computer hygiene and their organizations’ abilities to assess how secure they are - or aren’t. The Computer Security Institute (CSI), which holds conferences and educational events for IT workers, released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009, with an assessment of how respondents felt about their own cyber-security situations and what that assessment may mean for 2010. A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.
Thursday, December 10, 2009
CA Inc: CA Report: Fake Security Software, Search Engines and Social Networks 2009’s Top Internet Th
The latest State of the Internet 2009 report issued today by CA, Inc. (NASDAQ: CA) states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats.
Thursday, December 03, 2009
Security incidents at an all-time high
The Computer Security Institute (CSI) pre-released selected findings from its 2009 Computer Crime and Security Survey. The survey, now in its 14th year, found that average losses due to security incidents are down again this year (from $289,000 per respondent to $234,244 per respondent), though they are still above 2006 figures.
Respondents reported big jumps in incidence of:
password sniffing (Over 9 percent last year)
Web site defacement (Over 6 percent last year)
financial fraud (Over 12 percent last year)
denials of service (Over 21 percent last year)
malware infection (Over 50 percent last year).
Tuesday, November 24, 2009
Workers stealing data for competitive edge
Carried out amongst 600 office workers in Canary Wharf, London and Wall Street, New York, the survey found that 41% of workers have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job. Pilfering data has become endemic in our culture as 85% of people admit they know it’s illegal to download corporate information from their employer but almost half couldn’t stop themselves taking it with them, with the majority admitting it could be useful in the future! However, it would seem employers have only themselves to blame as they appear pretty lackadaisical when it comes to protecting their data from their employees, with 57% of respondents stating that it’s become a lot easier to take sensitive information from under their bosses’ noses this year, up from 29% last year.
Sunday, November 15, 2009
Microsoft study shows growing threat of computer worms
The danger of corporate computers becoming infected by worms has risen dramatically recently, according to a new study by Microsoft. The study showed that, globally, the chances of infection by a computer worm had increased by almost 100 per cent when comparing the first half of 2009 with the same six-month period in 2008.
Friday, November 13, 2009
Security Pros Not Confident In Their Incident Response Plans, Study Says
Enterprises suffer an average of two breaches a year, but only a third of IT professionals are completely confident in their incident response plans, according to a study published earlier this week. According to a study conducted by data recovery and forensics service provider Kroll Ontrack, about three-quarters of U.K. organizations that have an incident response plan say their plan is “effective” to some degree, but only 25 percent say their plan is “very” effective.
Thursday, October 29, 2009
Study: Midsize Companies Cut Security Budgets As Cyber Threats Escalate
McAfee has released research findings from a global study showing that midsize organizations are cutting their security budgets at the same time that cyberthreats are escalating.
Saturday, June 20, 2009
1 In 5 Companies Cutting IT Security Spending, Our Survey Finds
Budget woes, increased regulation, and new challenges for sensitive data are on the menu for risk managers. Cutting IT security spending, unthinkable a couple of years ago, is officially on the table. Just a year ago, even with a recession taking hold, only 6% of companies planned to trim security. This year, 19% are cutting, our Strategic Security Survey finds, while only 27% are increasing spending on IT security, down from 40% who were a year ago. At the same time, CEOs desperate to make their quarterly numbers may enter new businesses or find ways to trim expenses with less concern for the impact on data security. If you thought you had a handle on your organization’s appetite for risk, chances are the economy has changed the dinner portions.
Wednesday, May 06, 2009
The New Face of Cybercrime Revealed
If one thing is clear from Verizon’s recently published 2009 Data Breach Investigations Report, it is that cyber crime has taken on a frightening level of maturity. This is the second year that Verizon has published data from the breach investigation work they perform for their clients. While these [other] reports do drive home the expense, loss of reputation, and compliance requirements associated with good data protection, they do not shed the same light on methodologies that Verizon does.
Friday, February 27, 2009
Japan Cybercrime Grows by 15.5 Percent
Internet security software provider Finjan (www.finjan.com) announced on Friday that it has just published the 2008 cybercrime figures from Japan, which reveal a 15.5 percent year-on-year annual growth. “Anecdotal evidence suggests that the volume and value of cybercrime has soared again in 2008 and, with the current economic recession, we fully expect the number of Internet scams, hacks and malware-driven infections to increase even faster in 2009,” says Ben-Itzhak, Finjan Chief Technology Officer.
Wednesday, January 21, 2009
Data breach study ties fraud losses to Hannaford, TJX breaches
A recent data breach study commissioned by the state of Maine sheds light on the losses banks experienced as a result of the data breaches at TJX and Hannaford Brothers supermarkets. The state’s banks said they incurred $2.1 million in expenses related to data breaches since January 1, 2007. The Hannaford breach had the largest impact, affecting 71 financial institutions and incurring $1.6 million in expenses according to the Maine Data Breach Study. Adam Shostack, blogger and author of The New School of Information Security, said the expenses turn out to be about $450 for each breached account, which is in line with the estimated figures for sales of pilfered account data on the black market.
Monday, December 08, 2008
Report: IT, Security Departments Not Seeing Eye To Eye On Threats To The Business
A new report underscores a major disconnect between IT and security groups when it comes to what most threatens their organizations. The Ponemon Institute’s 2008 Security Mega Trends Survey, which was commissioned by Lumension, reveals just how far apart IT departments and security groups are when it comes to what they perceive as the biggest threats to their data today and in the next 12 to 24 months. While outsourcing risks are at the top of IT managers’ worries, data breaches and cybercrime are the biggest worries for security.
Monday, November 24, 2008
Symantec says Internet underground economy is organized and rich
Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information. For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category. Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from $10 to $1,000 depending on the balance and location of the account.
Tuesday, October 28, 2008
Cisco Study: IT Security Policies Unfair
Unfair policies prompt most employees to break company IT security rules, and that could lead to lost customer data, a Cisco study found. The first part dealt with common employee data leakage risks and the potential impact on the collaborative workforce. More than half of the employees surveyed admitted that they do not always adhere to corporate security policies. Of the IT respondents who dealt with employee policy violations, one in five reported that incidents resulted in lost customer data, according to the Cisco study.
Wednesday, October 08, 2008
Spam Trends Down?
Bucking some reports to the contrary, which find spam levels incrementally increasing over time, MessageLabs’ latest research paper claims that unsolicited e-mail dropped noticeably during Q3 2008, driven in part by the shutdown of a nefarious ISP. Despite the fact that the MessageLabs Intelligence Report for September/third quarter 2008 aligns the lowered volumes of spam observed during the timeframe directly to the shuttering of shady California-based ISP Intercage on Sept. 20, researchers predicted that the noticeable slowdown would likely be temporary as the holiday season gets into swing and scammers again seek to use those themes to lure end users.
Tuesday, October 07, 2008
Data Breaches Reach Record High
The Identity Theft Resource Center reports data breaches in 2008 have already exceeded the record breaches of 2007. First, the bad news: Data breaches continue unabated at U.S. corporations, governments and universities, already surpassing last year’s record 446 breaches, according to the Identity Theft Resource Center. Through the end of September, the total number of data breaches recorded by the ITRC was 516, averaging 57 breaches a month.
Malware in E-Mail Rose Dramatically in September, Security Pros Report
The amount of e-mail-borne malware attacks jumped dramatically during the month of September, according to security researchers at MX Logic and Symantec. In its “October Threat Forecast & Report,” security vendor MX Logic reported that 5.14 percent of all e-mails in September contained malware, more than twice August’s percentage and more than five times January’s rate of 0.95 percent. Symantec had similar findings in its October “State of Spam” report, where the vendor reported the percentage of e-mails with malicious code multiplied about 12 times between June and September. “The two largest contributors to this increase in September were e-mails purporting to be an iPhone game and fake FedEx delivery notifications,” said Sam Masiello, vice president of information security at MX Logic.