Archives for February 2011

Information Rights Management Monitor: Survey: Insider attacks cause more damage than outside assault

Information Rights Management Monitor: Survey: Insider attacks cause more damage than outside assault.

The debate continues about outsider vs. insider attacks. Which are more prevalent? Which are more costly?

A recent survey conducted by SCO Magazine and sponsored by Deloitte, claims that:

58 percent of attacks are caused by outsiders and only 21% by insiders. At the same time, however, 33% view the insider attacks to be more costly than outside attacks, compared to 25% in 2010.

Now one might think that it’s in Deloitte’s interest to promote the growing threat of insider attacks because it’s an audit firm. However, I found this statistic to be interesting:

The authors noted that the public may not be aware of the number of insider events or the level of the damage caused because 70% of insider incidents are handled internally without legal action.

In my view, the difference between an outsider and an insider attack is narrowing if you define an insider as one who has authorized access. This is due to the increasing prevalence of botnet attacks which steal credentials. Thus an outsider becomes an insider. Of course, if the definition is based on the identity type of the attacker the difference between outsider and insider is clearer.

Therefore when planning your security defenses, it’s critically important to use an approach which starts with identifying the attacker types and their objectives. That’s why I like the SANS 20 Critical Security Controls for Effective Cyber Defense.

 

YouTube – Seculert Cyber Threat Management

YouTube – Seculert Cyber Threat Management.

Our partner Seculert has just published this video on YouTube, highlighting it’s ability to complement existing security controls to provide detailed information on systems compromised by botnets.

The Top 10 Security Questions Your CEO Should Ask — CIOUpdate.com

The Top 10 Security Questions Your CEO Should Ask — CIOUpdate.com.

From PwC, here are the top 10 questions your CEO should be asking you:

  1. Who is accountable for protecting our critical information?
  2. How do we define our key security objectives to ensure they remain relevant?
  3. How do we evaluate the effectiveness of our security program?
  4. How do we monitor our systems and prevent breaches?
  5. What is our plan for responding to a security breach?
  6. How do we train employees to view security as their responsibility?
  7. How do we take advantage of cloud computing and still protect our information assets?
  8. Are we spending our money on the right things?
  9. How can we ensure that we comply with regulatory requirements and industry standards in the most cost-effective, efficient manner?
  10. How do we meet expectations regarding data privacy?

This article provides a paragraph or two on each one of these questions.

Seculert Research Lab: The New Trend in “Malware Evolution”

Seculert Research Lab: The New Trend in “Malware Evolution”.

This post by Seculert Research Labs provides an overview of the evolution of Carberp. Carberp is a relatively new botnet which is rapidly evolving into the one of the most sophisticated pieces of malware ever seen.

Some say it will be the successor to Zeus. Whether that happens remains to be seen, but its developers are surely competing for the cybercriminals’ software budget.