Because it is that time of the year in the security industry — Black Hat is celebrating its “Sweet Sixteen” party in Las Vegas and those who have been watching the bad guys have digested and decided to publish reports on what they have witnesses — this has been a week of cyber threat information overload for my inbox. Hence, rather than focus on one report, I thought it might be instructive to put the highlights of just a few of these reports in one place. Individually and collectively, they paint a less-than-rosy picture. In short, the bad guys have had a good half year.
Below are the highlights or lowlights depending on your perspective.
Image via Shutterstock
Alcatel Lucent’s Kindsight subsidiary is out with its Kindsight Security Labs Malware Quarterly Report. It is worth a look due to the unique position of Alcatel-Lucent’s network security and analytic products within service provider networks, which can measure the impact of traffic types traversing the network, including malicious and cyber-security threats. Findings include:
Threat Security and C-Levels
Here is a title that should make you want to link to the full report: ThreatTrack Security Finds C-Level Executives Lack Confidence in Their Cybersecurity. The independent blind survey of 200 C-level executives at U.S.-based enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives related to the cybersecurity practices of their companies.
Not surprisingly, the survey found that 97 percent of enterprises with annual security budgets over $1 million still report concerns that they are vulnerable to malware attacks and cyber-espionage tactics. However, there was some interesting food for thought:
· 69 percent of executives are concerned that their organizations may be vulnerable to targeted malware attacks, Advanced Persistent Threats (APTs) and other sophisticated cybercrime and cyber-espionage tactics.
But that is not all. In a companion survey of 203 U.S. consumers done at the same time, 71 percent indicated that the companies that hold their personally identifiable information were either not doing everything they could to protect that data (43 percent) or they were not sure whether that was the case (28 percent). 75 percent had concerns that these companies would be attacked and their personally identifiable information would be compromised. The data also suggests we have reason to be concerned. While admittedly a small sample and thus anecdotal, 47 percent indicated that they have been notified at some point that their information has been compromised by a breach. And may be worst of all, another 47 percent said that even after being notified, they still did not feel well-informed or reassured that their data would be safe.
The big surprise, and this one seems to be shifting wildly and daily depending on the news surrounding the NSA scandal and the barrage of cyber attacks on companies and governments, 70 percent said they do not believe the government should dictate to private companies how they handle and store private data or which technologies they should use to secure their networks.
Voltage provides another factoid in the form of pre-PRISM paranoia
This week also saw Voltage Systems release the result of a little research it did back in April of this year at the Infosecurity Europe Event, i.e., it was before the PRISM scandal. It survey over 300 IT security professionals, over half of whom work in companies that employ more than 5,000 people, and found that 62 percent of them thought the government snoops on their corporate data that resides in the cloud.
I bring this up because security has been a big obstacle in slowing cloud adoption, and these findings while once again anecdotal, do reflect IT professional’s skepticism about cloud security despite the belief my many industry observers, including myself, that the cloud may in fact be safer than what currently passes for secured data in many enterprises today which do not store things in the cloud.
Mobile problems identified b y NQ Mobile
Every report has a little bit of a twist. As the saying goes, “where you stand depends on where you sat.” Thus, in my review of reports from this week I wanted to make sure one from my friends at NQ Mobile. The headline finding was the troublesome revelation (available for review here and then click where it the report is listed to open up a slide show of the results) that 51 thousand new mobile malware threats were identified in the first half of 2013, infecting an estimated 21 million mobile devices. And, just so you know that this is not anecdotal data here are some numbers to chew on as to why this one commands attention.
More to come
Next week, there will be more reports, and they are going to confirm what we all surmise — threats are on the increase, oldies but goodies still are very effective however new ones are more malicious in many ways. In addition, attacks are increasing in frequency and sophistication, the days of attacking/hacking are coming to a close as the bad guys realize there is money in cyber attacks and they are constantly improving their monetization techniques. Plus, nothing is immune. The connected planet is reality and things go viral all too fast.
On the enterprise side of things, I resonate with the remarks of ThreatTrack Security Chief Executive Officer Julian Waits, Sr. who said, “Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.” And, for we the people, education and simple protections which for starters includes downloading, running and updating the latest anti-virus and anti-malware is not something to put on a to do list. It is something to get done.
I have a feeling next week will cause the need for another report on the reports based on my inbox being a leading indicator. I know there will be lots of news on solutions as well as warnings out of Black Hat on why we should not sleep well at night. There is no such thing as the “summer doldrums” in the cyber security business.
The USC Shoah Foundation was founded by Steven Spielberg in 1994 to document first-hand accounts of the Holocaust for future generations. Since then, …
Roman Valeryevich Seleznev was sentenced to 27 years in prison last week in the U.S. for stealing millions of credit card details from businesses.
Microsoft gunning for a place in the human capital management sphere with new application, and the addition of Dynamics 365 to LinkedIn.
Intellectual property is considered an intangible asset and can include things like recipe ingredients, articles, logos, and proprietary systems and p…
I've been looking at a lot of the comments on game review articles and forums of late, and gamers appear to be disappointed that the games aren't gett…