Compliance Costs, Infected Computers, Data Breaches and More ... Are You Worried YET? (by Tim O'Neill)
Editor Profile - Tim O’Neill is an independent technology consultant. He has over 30 years experience working in the WAN, Analog, ISDN, ATM and LAN test market. Tim has worked with companies like Navtel, Network General, Ganymede and ClearSight Networks and is now helping companies get lab recognition and technology verification. Tim is also the Chief Contributing Editor for LoveMyTool.com, a website designed to help network managers gain access to valuable information and real solution stories from other customers. Tim is a patent holding, published and degreed engineer, who has seen this technology grow from Teletype (current loop) data analysis to today’s 10 Gigabit LAN’s focused on business applications with heavy compliance demands.
Tim can be reached at oldcommguy (at) bellsouth (dot) net.
Data Security Compliance Costs, Infected Computers, Data Breaches and more that are plaguing today’s firms!
Are you worried YET?
I recently read these amazing and very scary statistics that are discussed on the MXLogic website -
- The number of computers infected by malware designed to steal personal or banking information for identity theft and fraud has shot up 600 percent in the past year, according to a report from web security firm Panda Security.
The growth of unique malware has nearly tripled in the first half of 2009 - compared to 2008, according to web security researchers from antivirus firm McAfee.
- In total, McAfee has spotted 1.2 million unique pieces of malware so far this year, nearly as much as produced in all of 2008 and almost six times the amount of malware in all of 2007, reported on the Avert Labs blog.
- Cybercriminals use malware to infect PCs with malicious code that can steal data for identity theft, sending out spam and distributing malware to other PCs.
"Security and compliance issues facing companies and their IT staff are exploding, and at the same time becoming increasingly more complex and dangerous. MX Logic solutions are designed to address these issues in a way that reduces costs and alleviates the pressures placed on overworked IT staff," said Sam Masiello, Director of Threat Management at MX Logic (now part of the McAfee SaaS Business Unit).
Frank Artes, the VP of Security for Deluxe Entertainment Services Group, Inc., points out – The #1 rise in all trojan and worms is for the theft of online computer game account credentials. There is a grey market that allows for the sale of virtual goods stolen from the account and is quite profitable. The average customer of these games plays from 20-40 hours / week. A Major investment in time to steal!
- The University of California-Berkeley is notifying 493 applicants to the Graduate School of Journalism that their Social Security numbers and other personal information may have been stolen in a server data breach.
- - Costs of compliance and number of vendors with access to sensitive information are cited by a majority of businesses as stumbling blocks to preparations for new data security regulations taking effect in Massachusetts and other states in 2010.
According to a survey conducted by Goodwin Procter and the International Association of Privacy Professionals (IAPP), companies face major challenges in complying with the state’s data security rules that impose significant requirements on entities possessing personal information of state residents, including entities based outside Massachusetts as well as many other states.
The Proctor survey revealed that 60 percent of information privacy professionals say their organizations have more than;
- 10 vendors with access to personal information and
- 30 percent say they have over 100 vendors with access to personal information - which complicates the compliance process.
Complying with the new regulations is also costing 33 percent of respondents more than $50,000. Another 12 percent of those surveyed say their organizations have spent between $10,000 and $50,000 and 44 percent have spent more than 100 hours in compliance activities.
Although the cost of compliance is significant, other research indicates that data breaches are far more costly to contain. In 2007, the average cost of a data breach was $6.3 million, according to a Ponemon Institute study released earlier this year.
After reading the stats on the MXLogic site I went searching for more ststistics and what I found was scary – This is an OMG!!!
Virus infection have reached a Pandemic in 2009 even with all the “protection” software…even phone are getting hit!
Click here for more details.
The most common effect of a virus infection, reported by 70 percent of respondents, was rendering a PC unavailable to the user. Sixty-nine percent of respondents said that viruses had cost productivity, while 37 percent reported loss of data due to viruses.
Virus’s are now being used as part of Cyber Warfare, like with the South Korean attacks just recently starting on July 4th.
The US Center for Emergency Readiness (CERT) continues to report on Microsoft vulnerabilities including the especially prolific Conficker Worm, the SQL vulnerability and now Apple (both computers and the iPhone), Oracle and Symantec and many others have begun to feel the pain of multiple vulnerabilities and attacks.
The latest CERT summary report is scary, even as of Sept 10th.
This year we have heard about the Heartland Breach effecting hundreds of thousands credit users.
For a very good list of breach’s in 2009 check out this great site.
For more breach chronology click here.
With almost 2 billion internet users there seems to be no end to digital threats to both individual and corporate data security!!!!
- What are you doing to protect your network?
- If you had a Breach how would you know?
- Do you have a network usage and data security policy?
- Are you actively monitoring for aberrant behavior?
- Do you even have access to your actual/real data?
- Do you even know what/who has access and is on your network?
Well if you need help answering some of these questions and other security questions let me know (firstname.lastname@example.org) and I will direct you to some of the best companies and analyst in the industry to help you get started with securing your data and network.
I wish I had better news but reality is tough and very scary!
I wish you Great Success with Less Stress – My Best – Tim - The Oldcommguy™