
[Full-disclosure] Security Breaches Pandemic (1) links



<html>
<body>
<a href="http://www.itjungle.com/tfh/tfh062606-story06.html" eudora="autourl">
http://www.itjungle.com/tfh/tfh062606-story06.html<br><br>
</a>
<a 
href="http://www.securitypronews.com/news/securitynews/spn-45-20060623DeloitteCallsOutTechFirmsOnSecurity.html"
 eudora="autourl">
http://www.securitypronews.com/news/securitynews/spn-45-20060623DeloitteCallsOutTechFirmsOnSecurity.html<br>
<br>
</a>
<a href="http://www.irishdev.com/NewsArticle.aspx?id=2902" eudora="autourl">
http://www.irishdev.com/NewsArticle.aspx?id=2902<br><br>
</a>
<a 
href="http://www.deloitte.com/dtt/research/0,1015,sid%3D1000%26cid%3D121102,00.html"
 eudora="autourl">
http://www.deloitte.com/dtt/research/0,1015,sid%3D1000%26cid%3D121102,00.html<br>
</a>Good articles here, in which I am merely summarizing some main
points.<br>
Remember that Security Breaches have been occurring for decades.&nbsp;
The only thing that is relatively new is a legal mandate to report
them, when this affects residents of some USA states, and that is
assuming the breached outfits even know they have been breached.&nbsp; For
most of the world, this mandate does not yet apply.&nbsp; So what we have
recently been seeing in the news, about security breaches, is just the
tip of an iceberg.<br><br>
* Deloitte survey of 150 companies in technology, media,
telecommunications ... <font size=4 color="#FF0000"><i>more than
half</i></font> reported Security Breaches in the past 12 months.&nbsp;
<br>
* Similar surveys of other industries equally ominous.&nbsp; <br>
** 78% of the world's top 100 financial institutions reported a security
breach in the prior year from the outside, 49% from the inside.&nbsp;
<br>
** 25% for health and science institutions.<br>
* 50% of respondents reported internal security breaches.<br>
** top 2 insider breaches were: insider fraud (28%); and leakage of
customer data (18%).<br>
* 75% reported external breaches.<br>
** 51% of the external attacks were via phishing and pharming.<br>
** 48% via spyware / malware.<br>
* 72% reported a breach costing the organization in excess of $1
million.<br>
* More than half of the executives say their security investments are
falling behind known threat risks.&nbsp; Security is primarily focused on
traditional main corporate data storage, not on what's happening with
laptops and other portable collections of data.<br>
* 25% said they recognize phishing is a major threat, for which their
company is not yet doing anything about it.<br>
* 70% of movies released illegally to file sharing networks were done by
insiders at the companies.<br>
* Few companies take measures to prevent breaches.&nbsp; Most are in
reactive mode, dealing with whatever comes. Breaches are just another
problem to be swept under the carpet, not yet considered serious enough
to take extra precautions, except at a tiny fraction of the companies
surveyed.&nbsp; Some industries, such as banking, are ahead of the curve
compared to others, in terms of taking this problem more seriously.&nbsp;
Although, we have seen in stories about credit card insecurity, it only
takes a few weak links in a supply chain of financial information, to
wipe out all the security investments at other points.&nbsp; It is like
having tight physical security on bank vault, while providing back door
tunnel through trusted business partner, for mafia to make withdrawals
without going through front door of bank.<br><br>
This is the 4th annual survey of this kind from Deloitte.<br>
When the data is compared to prior years, it is evident that the
criminals have air superiority in the cyber wars, and continue a winning
streak.<br><br>
I would like to see this kind of statistics by the type of computer
platform, programming languages and software packages used to run the
firms.&nbsp; I believe that some are asking for trouble, but the surveys
carefully conceal this reality, or fail to explore that dimension.&nbsp;
Perhaps firms that market systems, that are rarely breached, might be
interested in funding such a survey.<br>
<a href="http://www.itjungle.com/tfh/tfh062606-story06.html" eudora="autourl">
http://www.itjungle.com/tfh/tfh062606-story06.html</a> <br><br>
<a 
href="http://rdir.securitypronews.com/cgi-bin/frame.cgi?http://www.deloitte.com/tmtsecurity"
 eudora="autourl">
http://rdir.securitypronews.com/cgi-bin/frame.cgi?http://www.deloitte.com/tmtsecurity<br>
<br>
</a>
<a href="http://www.theregister.co.uk/2006/06/21/tmt_security/" 
eudora="autourl">
http://www.theregister.co.uk/2006/06/21/tmt_security/<br><br>
</a>
<a href="http://www.siliconrepublic.com/news/news.nv?storyid=single6643" 
eudora="autourl">
http://www.siliconrepublic.com/news/news.nv?storyid=single6643<br><br>
</a>16 page report (I had trouble accessing it, perhaps because I have
not registered with them) <br>
<a 
href="http://www.deloitte.com/dtt/cda/doc/content/dtt_DR_ProtectingDigitalAssets_062106.pdf"
 eudora="autourl">
http://www.deloitte.com/dtt/cda/doc/content/dtt_DR_ProtectingDigitalAssets_062106.pdf<br>
<br>
</a>44 page report (I was able to get at it but kept getting printer
errors when I tried to print it)<br>
<a 
href="http://www.deloitte.com/dtt/cda/doc/content/dtt_fsi_2006%20Global%20Security%20Survey_2006-06-13.pdf"
 eudora="autourl">
http://www.deloitte.com/dtt/cda/doc/content/dtt_fsi_2006%20Global%20Security%20Survey_2006-06-13.pdf</a>
 </body>
</html>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/