Law Enforcement Agencies Find New Ways to Fight Cybercrime

Law enforcement agencies worldwide are getting better at catching cybercriminals, scoring some big cybercrime busts and getting better at detecting and investigating data breaches. Officials worldwide detected five times as many breaches in 2011 as in 2010, according to new data in the Trustwave’s 2012 Global Security Report. About 33% of organizations with data breaches discovered the incidents when alerted by law enforcement, up from 7% in 2010. These good results for law enforcement are mostly powered by the work of the U.S. Secret Service, Interpol, the Australian Federal Police, and the U.K.’s Serious Organised Crime Agency (SOCA).

Only 16% of victim organizations detected hacking incidents on their own in 2011, while the other 84% only discovered them when alerted by outside entities, such as law enforcement, regulatory bodies, or a public venue. When analyzing the circumstances of the hacks discovered by third parties, it’s been discovered attackers had been active within the victim organization’s network for an average of 173.5 days before being detected. Read more

New report says cyber-attack risk to global stability is great and very real

Security professionals fear cyber-attacks and warn ab0ut them every chance they get. Countries all over the world are trying to put up the best cyber defenses technology advancements can buy, but it does take a well established institution in the field of global economy to actually make us all tremble and finally believe cyber attacks pose a great threat to global stability.

The World Economic Forum’s (WEF) Global Risks for 2012 report places cyber-attacks against governments and businesses among the top five risks in the world to global stability, in terms of likelihood. Cyber-attacks come right after income disparity, fiscal imbalances, and the rising greenhouse gas emissions, shows the report released in WEF’s annual conference held in Davos, Switzerland.  Read more

Healthcare data breaches on the rise and costing billions

Based on the many stories about data breaches reported by organizations in the healthcare industry, from hospitals to insurance companies and other third-party companies that deal with healthcare data, we could have guessed this is not even close to being a top sector when it comes to data security. A new report released by the Ponemon Institute now brings even further insight into the state of the healthcare industry, showing a spike in data breaches of over 30% and average annual costs of 6.5 billion US dollars.

The “2011 Benchmark Study on Patient Privacy and Data Security,” commissioned by IDExperts, idendified employee error to be one of the main cause for data breaches in hospitals and healthcare providers. These types of organizations in the healthcare industry suffered an average of four data breaches in the past year. Nearly 30 percent of healthcare companies said the breaches they suffered resulted in medical identity theft – an over 25 percent increase over 2010. Read more

Security study – Most government employees fall for planted USB sticks

Curiosity is stronger than any sense of security or any fear of hackers and other malicious individuals, this was the conclusion of a security study run by the US Department of Homeland Security. The study proved how easily hackers and other individuals outside companies can easily go beyond firewalls and other security measures by simply planting USB sticks or computer disks in the right place.

The test tempted government employees by dropping the said USB memory sticks and computer disks in parking lots of government buildings and private contractors that work with the government, just waiting for them to take the bait. Read more

Database administrators lack proper understanding of security

A recently published study shows that database administrators don’t fully understand security. According to these fresh findings, database administrators and IT decision-makers in general admit to knowing very little about security issues like change control, patch management, auditing etc. This survey was conducted on 214 Sybase administrators belonging to the International Sybase User Group.

“A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information,” the survey report stated. “Only one out of five take proactive measures to mask or shield this data from prying eyes.”

According to the report’s author, Unisphere Research analyst Joe McKendrick, the ISUG survey is the first released of a series of similar database security surveys being conducted across various database user groups, including those running other platforms such as Oracle and SQL Server. Read more

Data Breaches Down, But Threat Still Real

UK fraud on the rise, losses amount to billions

The latest annual statistics from the UK’s National Fraud Authority show that more than £38bn have been lost over the last 12 months due to fraud. This amounts to an increase of more than 25%.The public sector (£21.2bn) reported the biggest part of the loss, while the private sector cost the government only £12bn, with another £4bn in losses from fraud against individuals.

According to the NFA the increase was to be expected, at least in part, due to improved reporting procedures. The figures include estimates for procurement (£2.4bn) and grant fraud (£515m) for the first time. Read more

Security is being held back by the lack of IT staff

A recent survey by Forrester Research shows that the lack of qualified security staff is one of the main reasons IT managers cannot successfully secure the enterprise. Their survey of over 2,000 IT executives in the US, UK, Canada, France and Germany found that one of the key problems behind corporate IT security is getting qualified staff to do the job.Almost half of the It managers in the US and Europe are dealing with this issue.

“Security leaders feel that they simply don’t have enough staff to carry out day-to-day tactical activities while adjusting to major business and IT shifts and changing threats,” said Forrester principal analyst Khalid Kark.

Read more

Cyber criminals change targets – small fish are easier to catch?

Security experts have their eyes turned on Europe as the number of cyber crime operations emanating from here is growing. In the first half of 2010 Europe has surpassed Asia and the Americas in producing web-based threats.

One reason for the rise of European based threats might partly be due to the fact that the Chinese Government has forced it’s local ISP’s to curve illegal activities there. This politics are apparently one of the reasons for the migration of cyber criminals to Eastern Europe. Read more

UK cost cutting trend affects information security spending

Although C-level management recognizes the importance of information security, companies all around the UK plan to reduce their information security costs. This rumour is backed up by a survey released by PricewaterhouseCoopers (PwC), which states that budget increases for information security costs is a priority for less then one third (31%) of the UK-based companies. The international average is 52%.