“The Rise of CyberEspionage” – Chris Mark Published in Homeland Security Network June 18, 2012
Posted by Chris Mark in cyberespionage, cybersecurity. Tags: anonymous, china, cybercrime, cyberespionage, cybersecurity, data breach, data security, homeland security network, L3, mark consulting group, RSA, security
An article I wrote on the Rise of Cyber Espionage was picked up by the Homeland Security Network. I must admit that the article title is not what was submitted, but the article is one I wrote. If you are interested, spin on over to the Homeland Security Network and read the article. Any feedback would be appreciated. Here is an excerpt:
“On April 15, 2011, the US Congressional Subcommittee on Oversight and Investigations conducted a hearing on Chinese cyber-espionage. The hearing revealed the US government’s awareness of Chinese cyberattacks. In describing the situation in her opening remarks, sub-committee chairperson Dana Rohrabacher astutely stated:
“[The] United States is under attack.”12 “The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy.”
“Wowee wow wow!”; The Costs Of CyberSecurity; Part II May 15, 2012
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy. Tags: bloomberg, Chris Mark, cybersecurity, data security, InfoSec, mark consulting group, PCI DSS, ponemon
In reading the Ponemon/Bloomberg report on the costs of cybersecurity, I was shocked to see that companies would need to increase spending 700% to achieve 95% protection. In reading closer, I was even more shocked to see that financial services companies would need to increase spending over 1,270% to achieve 95% protection. Of the 48 financial services firms surveyed, the average annual security investment was $22.9 million. To achieve the 95% goal, security investment would need to increase to $292.4 million per year. You can see the results in an interactive chart here.
As stated in my previous post: “CyberSecurity Cold War; Spend Ourselves Into Oblivion”, it is obvious that companies cannot increase security investment 11 fold or even 7 fold. There must be a better answer.
By the way, the “Wowee wow wow” is from Christopher Walken’s character The Continental 😉
Porn, Steganography & Al Qaeda = Bad News May 2, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, terrorism. Tags: al qaeda, Chris Mark, cybersecurity, data security, InfoSec, mark consulting group, steganography, terrorism
“Believe half of what you see and nothing that you hear”…Benjamin Franklin
Recently it was disclosed that German cryptographers had managed to decipher plans taken from an Al Qaeda operator who had a memory card confiscated. According to the story: “On May 16 last year, a 22-year-old Austrian named Maqsood Lodin was being questioned by police in Berlin. He had recently returned from Pakistan via Budapest, Hungary, and then traveled overland to Germany. His interrogators were surprised to find that hidden in his underpants were a digital storage device and memory cards. Buried inside them was a pornographic video called “Kick Ass” — and a file marked “Sexy Tanja.”” As stated on Gary Kessler’s website: (more…)
Global Issues Press Release Confirming Breach March 30, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, credit card, cybercrime, cybersecurity, data breach, data security, Global Payments, mastercard, PCI DSS, visa
Thank you to a person for pointing this out to me via LinkedIn. GlobalPayments, Inc. has issued a press release confirming it was their system that was compromised. You can read it here. They have disabled cutting and copying so here is a screenshot.
“A Failed State of Security”; Deterrence Theory & CyberCrime (Research Brief) March 5, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management. Tags: Chris Mark, cybersecurity, data breach, data security, deterrence theory, markconsultinggroup.com, PCI DSS, security
Expanding on the concept of Rational Deterrence and its effect on crime, we have published a research brief on Deterrence Theory and Its Effect on CyberCrime. The brief outlines the failing strategy of compelling companies to prevent breaches without deterring those who commit the crimes. You can download the brief (all 25 pages) here. Below is a short excerpt:
“At RSA’s annual security convention, the head of the Federal Bureau of Investigation, Mr. Robert Mueller stated, on February 28th, 2012, ominously: “There are only two types of companies. Those that have been hacked and those that will be.”[1] At the same event, the CEO of RSA told the audience: “Our networks will be penetrated. We should no longer be surprised by this.” He further stated: “The reality today is that we are in an arms race with our adversaries, and right now, more often than not, they are winning.”[2] The comments, while accurate, are late in coming. RSA, one of the world’s largest security vendors, was breached in 2011. The breach was more than a simple theft of customer data. The breach was a theft of intellectual property that compromised the infrastructure of RSA’s 2-factor authentication system known as SecurID. This potentially exposed thousands (if not more) of companies to a bypass of their own access control mechanism.
RSA’s CEO then continued: (more…)
