“Kiss My QR Code”; Symantec Releases 2011 Internet Security Threat Report May 20, 2012
Posted by Chris Mark in cybersecurity, Data Breach, InfoSec & Privacy.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, Internet Threat Report, malware, Phishing, QR Code, Symantec
add a comment
This month Symantec released the results of their 2011 Internet Security Threat Report. It is a very compelling read and highlights just how difficult it is becoming to protect systems, and data. Some of the more interesting findings: 2011 saw variants of Malware increase from 283 million to 407 million (you read that correct…million). Additionally, data thieves have begun using QR codes to infect Android phones with malicious software. One out of every 299 emails is a phishing attempt. This is a document that I recommend you download and read.
“Wowee wow wow!”; The Costs Of CyberSecurity; Part II May 15, 2012
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.Tags: bloomberg, Chris Mark, cybersecurity, data security, InfoSec, mark consulting group, PCI DSS, ponemon
add a comment
In reading the Ponemon/Boomberg report on the costs of cybersecurity, I was shocked to see that companies would need to increase spending 700% to achieve 95% protection. In reading closer, I was even more shocked to see that financial services companies would need to increase spending over 1,270% to achieve 95% protection. Of the 48 financial services firms surveyed the average annual security investment was $22.9 million. To achieve the 95% goal, security investment would need to increase to $292.4 million per year. You can see the results in an interactive chart here.
As stated in my previous post: “CyberSecurity Cold War; Spend Ourselves Into Oblivion”, it is obvious that companies cannot increase security investment 11 fold or even 7 fold. There must be a better answer.
By the way..the “Wowee wow wow” is from Christopher Walken’ character The Continental 😉
“RSA Doesn’t Dine Alone” – China Suspected In Pipeline Attack May 13, 2012
Posted by Chris Mark in cybersecurity, InfoSec & Privacy, terrorism.Tags: china, Chris Mark, cybercrime, cyberespionage, cybersecurity, data breach, Pipeline Breach, RSA, security, terrorism
add a comment
For background on this story, please read the previous post, as well as an earlier post titled: “Cyberattack underway against US Pipelines”. While the timing of this story is fortuitous for this author, the event is frightening. According to the Christian Science Monitor “Those analyzing the cyberspies who are trying to infiltrate natural-gas pipeline companies have found similarities with an attack on a cybersecurity firm a year ago. At least one US government official has blamed China for that earlier attack.” The referenced security firm is RSA. Again quoting CSM: “Investigators hot on the trail of cyberspies trying to infiltrate the computer networks of US natural-gas pipeline companies say that the same spies were very likely involved in a major cyberespionage attack a year ago on RSA Inc., a cybersecurity company. And the RSA attack, testified the chief of the National Security Agency (NSA) before Congress recently, is tied to one nation: China.”
Anyone who doubt that the US is under attack by China should read about the attacks against Dupont, RSA, Lockheed Martin, and more.
“Communist Chinese Cyber-Attacks, CyberEspionage and Theft of American Technology” May 13, 2012
Posted by Chris Mark in cybersecurity, Data Breach.Tags: china, Chris Mark, cybercrime, cyberespionage, cybersecurity, InfoSec, IP Theft, malware, mark consulting group, security
1 comment so far
Since it is Mother’s day, I will not ramble on with inane commentary 😉 Instead, here is a link to the report of the same name as the blog title (too lazy to retype)…from the 112 Congress’ Congressional Hearing before the Subcommittee on Oversight and Investigations of the Committee of Foreign Affairs; House of Representatives. It is very interesting and provides some valuable insight into IP theft. Don’t forget to thank Mom today!
“Doing Time Before Being Convicted?” – Analyist Accuses Merchant of PCI Non-Compliance May 11, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.Tags: bankinfosecurity, Chris Mark, cybersecurity, data breach, Gartner, opening ceremony, PCI DSS, security
add a comment
I wrote this in May 2012. Given the current position in the industry if proclaiming victims of cybercrime to be wholly responsible, I thought it appropriate to publish again.
I was reading a an article on BankInfoSecurity.com titled: “Online Retailer Breached”. I am taken aback at the attitude of the quoted analyst. A Gartner analyst took a very bold step of accusing the merchant of “non compliance” then seemingly qualifying his statement by adding: “The attacker was probably able to attack unencrypted card numbers,” he says. “But given the lack of details, it’s hard to say for certain.” (more…)
Global Security, Privacy, & Risk Management 