Category: Statistics

“Client-side attacks have continued to be popular with hackers because compromising an employee’s pc is often much easier than hacking directly into an organization’s database. Many times it is simpler to compromise an employee pc because an employee’s position often requires them to have access to the web, whereas a company’s databases and backend servers are usually not open to outside networks.

Taking control of employee computers are also desirable because they have authority to communicate to a company’s backend systems, whereas communications coming from an IP address outside the network is often blocked.

Often times, healthcare organizations are architected with very open networks so as to conduct necessary business activities such as billing, the transfer of patient records, and communication with different physician networks. These open networks give hackers more openings in which to try and break in making healthcare organizations prime targets.

Healthcare Organizations Store Personal, Identifiable Information, Banking information and Health Insurance Credentials Healthcare organizations store a lot of valuable personal, identifiable information such as SSNs, names, addresses, age, in addition to banking and credit card information. According to Don Jackson, who spent eight years working in healthcare IT security prior to coming to SecureWorks, healthcare organizations store other valuable information such as patients’ health insurance credentials. These computing resources make healthcare entities a very attractive target to hackers because they not only have lots of PCs that can be harvested for valuable data, but these computers can be turned into spam bots.

http://www.secprodonline.com/_MCV/amad.aspx?s=sp&a=mag&sz=728×90&p=m01&articleid=58536

I think this trend can also be examined from the angle of compliance with PCI standards— payment card industry data security standards (PCI DSS). Visa certainly didn’t like this behavior and was at the forefront of levying fines against offending merchants for not passing their PCI audits. The council is adopting more stringent standards and requirements around keeping card data safe for all those involved in the payments chain—banks included.

It’s encouraging to see that information security is taking on greater importance at organizations, even beyond compliance requirements.

Getting back to the E&Y study, the firm found that companies are better integrating their information security and risk management initiatives (82 percent of respondents). More than two-thirds (69 percent) of respondents felt that information security improves IT and operational efficiencies.

This finding sharply contrasts to previous years, according to the firm, when information security was viewed as a barrier to IT and operational efficiency.

Nearly a third of respondents said they never meet with their board or audit committee.

Although E&Y didn’t specify the kinds of companies involved in the study, it’s not too difficult to draw parallels to the financial services industry.

http://www.banktech.com/blog/archives/2007/12/companies_are_t.html;jsessionid=CESVIN0SMPC0UQSNDLPSKH0CJUNN2JVN

Other increasing data security phenomena during 2007 included parasitic behavior, like the Zlob DNSChanger, and increasing security exploit activity for Apple products, including both Mac’s, iTunes and the iPhone.

The increased popularity of social networking services carries similar risks.

On the mobile security front Symbian S60 as the most popular smartphone platform has done a good job of curbing malware with its 3rd edition software.

http://www.net-security.org/malware_news.php?id=886

Notification costs were down 40 percent, to $15 per customer, suggesting that companies are learning from each other, Dasher says.

Dasher says when PGP sells its software, which encrypts data, more people inside a company are now involved in purchasing it.

This is Ponemon’s third survey of data breach costs since 2005.

http://www.baselinemag.com/article2/0,1540,2223732,00.asp

Alan Paller, director of research for the Sans Institute, a computer-security training organization, said that the reason more vulnerabilities were being found was that it was becoming increasingly profitable for crooks to target the software.

http://www.news.com/Study-Huge-jump-in-Microsoft-flaws-since-last-year/2100-1002_3-6220719.html?tag=nefd.top

Just 39% of respondents said their company had an endpoint security solution, to protect PCs against unauthorised access or malware.

Organisations have to protect their data, themselves and their employees against the risks of possible data leaks, and automation is the only way to do that.The survey also showed that companies strongly agree (85%) with mandatory notification of affected parties in the event of a data breach, as is the law in the US.

http://www.net-security.org/secworld.php?id=5640