85% Worried About Privacy & ID-Theft

According to the bi-annual Unisys Security Index, one in ten customers have switched banks or retailers because they were unhappy with the way those businesses handled their identity or privacy.

  • 85% of the population are now worried about bank card fraud and identity theft,
  • 75% of British people say they will not shop or bank with people they cannot trust to safeguard their personal information.

But the Index also showed UK customers take a selective approach to online safety. While a majority limit access to personal information on social media sites, 39 percent admit to rarely considering privacy protection when shopping or banking online.



Spear Phishing Attacks Climbing

Symantec is reporting that “Spear Phishing” attacks have climbed dramatically over the last 4-5 years. The number of targeted phishing attacks against individuals has risen from one or two a week in 2005 to more than 70 a day. Symantec is muddying the waters a bit by treating targeted attacks, Advanced Persistent Threats, and Spear Phishing attacks as one and the same. They are not necessarily so.


Canada’s National Platform on Disaster Risk Reduction

Vic Toews, Minister of Public Safety, has announced Canada’s National Platform on Disaster Risk Reduction, to better protect Canadians in the event of a disaster. The establishment of Canada’s National Platform further strengthens existing coordination on domestic disaster risk reduction initiatives developed by Public Safety Canada, such as the National Disaster Mitigation Strategy, the National Strategy and Action Plan for Critical Infrastructure, and the Federal Emergency Response Plan.

“Natural disasters, such as floods and severe weather can happen almost anywhere in Canada and it is important we do everything possible to reduce the risks before such events occur,” said Minister Toews. “Through the National Platform on Disaster Risk Reduction, we are ensuring a comprehensive, coordinated approach to emergency preparedness and disaster recovery. Everyone benefits when governments, non-government organizations, academia, and the private sector work together toward the same goal – the safety and security of Canadian families.”

The National Platform on Disaster Risk Reduction also allows stakeholders from across the public sector, the private sector, academia, and non-governmental organizations to:

  • Share ideas and action in order to address disaster risk reduction issues,
  • Work towards better integration of disaster risk reduction in national emergency management policies, plans and programs,
  • Strengthen stakeholder relationships to address gaps in prevention/mitigation, preparedness, response and recovery.

Check out the full announcement.

Bredolab Botnet Busted!

Dutch police have teamed up with security organisations to dismantle the Bredolab botnet’s command and control servers, and with the Armenian Police to arrest the mastermind behind the botnet at the international airport in Yerevan.

The Bredolab Trojan, which allows criminals to capture bank login details and other sensitive information, has infected at least 30 million computers worldwide since July 2009. The Netherlands Forensic Institute (NFI), security firm Fox-IT and the Dutch computer emergency response team GOVCERT.NL assisted in the takedown of 143 servers, using the botnet itself to alert victims that they were infected.

Dutch National Crime Squad

Dutch National Crime Squad-Update.

Top 10 Strategic IT Technologies & Trends

Gartner has highlighted the top 10 technologies and strategic trends for most organizations in 2011 during the Gartner Symposium/ITxpo in Florida October 18th through October 21st.

A strategic technology is defined as one with the potential for significant impact on the enterprise in the next 3 years.  Factors that indicate significant impact include a high potential for disruption to IT or the business, the need for a major investment, or the risk of being late to adopt.  It may be an existing technology that has matured and/or become suitable for a wider range of uses, or an emerging technology that offers an opportunity for strategic business advantage for early adopters with potential for significant market disruption in the next 5 years.   These technologies impact long-term plans, programs and initiatives.

Companies should factor these top 10 technologies into their strategic planning processes by asking key questions and making deliberate decisions about them during the next 2 years. Consider the security and privacy implications as you work through the hows and whys of implementing these technologies or adopting these trends. The questions you ask now will provide the answers you will need later.

The top 10 strategic technologies for 2011 include:

  • Cloud Computing. Cloud computing could change the service model of network computing.
  • Mobile Applications and Media Tablets.  Each brings with it risks and benefits.
  • Social Communications and Collaboration.  Careful what you share.
  • Video.  Consider trends in digital photography, 3D, consumer electronics, digital and Internet-based television and mobile computing.
  • Next Generation Analytics. It is becoming possible to run simulations or models to predict future outcomes.
  • Social Analytics. Measuring, analyzing and interpreting the results of interactions and associations among people, topics and ideas.
  • Context-Aware Computing. Using environment, activities, connections and preferences to improve interaction with end users.
  • Storage Class Memory. The use of SSD and other technologies to increase storage and access speeds.
  • Ubiquitous Computing.  The coming 3rd wave of computing where computers are invisibly embedded into the world.
  • Fabric-Based Computing.  A system can be aggregated from separate modules connected over a fabric or switched backplane.

And the Top 10 Trends in IT:

  1. Virtualization. “The data center of the future is going to be completely virtualized,” Cappuccio predicts. 
  2. Dealing with data. Data is expected to grow by 800% over the next five years, and 80% of it will be unstructured.
  3. Energy and green IT. This includes better automation and monitoring. 
  4. Unified communications and collaboration. This will be especially important as younger workers are hired.
  5. Thinking horizontally. Companies need IT pros with business smarts.
  6. Open-source collaboration. External networks will emerge.
  7. Windows XP migration. Vendors will cease testing their apps on it.
  8. Computing and data center density. This will be helped by the doubling of cores every two years and the expanded use of liquid cooling.
  9. Cloud computing. Users will shift more services to the cloud.
  10. Fabric computing. Server, storage and network systems will be integrated.

A webinar series will provide full video replays of the Gartner Symposium/ITxpo keynotes, as well as selected Gartner analyst presentations. More information is available at http://mediazone.brighttalk.com/event/Gartner/27d8d40b22-4312-intro.

Zeus At Home, But Then Who Really Cares?

According to ComputerWorld, it looks like Zeus malware distributors are developing a new attack strategy, targeting businesses more than banks. Zeus has typically been used to steal online banking credentials, but has started angling for home computers and VPN access into the soft, mushy insides of the corporate network.

It would seem there is less network protection at home, fewer tracking mechanisms, and just as much or more value to be had within the various small, medium, and enterprise-sized businesses that this tactic gives their tools access to. Criminal groups that use Zeus have started trying to find out where their victims work by popping up fake online bank log-in screens that ask the victims for their employer’s name.

We trust our employees, but because most of the security work goes on in the corporate environment behind the red curtain, they don’t understand security, and their home computers and laptops are not as well protected outside of the corporate perimeter. Zeus provides a powerful tool for corporate espionage, letting criminals remotely control victim computers, search files, capture passwords and log keystrokes. Hackers could use the victims’ home PC to break into corporate systems by bypassing a large portion of the protective controls deployed within an organization.

Employees take risks at home that they would not necessarily take at the office because no one is watching. The risk they understand is getting caught, not getting compromised. The Internet remains a target-rich environment, as awareness is lacking and lackadaisical complacency is the norm. Without perceived and personal consequence, there is no security beyond that which is ENFORCED.

Agree?  No?  How come?

Verizon 2010 PCI Compliance Report

The Payment Card Industry’s Security Standards Council is doing a good job locking down larger retailers, but as I’ve been saying for the past year or two, the smaller “Mom and Pop” shops are becoming the new targets of online criminals. A recent report on PCI compliance by Verizon confirms these unsettling trends. The report says Level 3 and 4 retailers are now being targeted for credit card data. Examples of these targets include restaurants in several states that were hit in recent months.