BreachExchange mailing list archives

Batten Down The Hatches, We’re Under (Cyber)Attack


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 28 May 2014 19:24:41 -0600

http://www.mbtmag.com/blogs/2014/05/batten-down-hatches-we%E2%80%99re-under-cyberattack

Today it was reported by CNNMoney that over the last 12 months, hackers
have exposed the personal information of 110 million Americans — roughly
half of the nation’s adults. The Ponemon Institute believes that about 432
million accounts have been hacked, giving hackers access to personal
information like name, debit or credit card, email, phone number, birthday,
password, security questions and physical address. Stories about
cyberattacks are now so frequent that researchers at Unisys say we’re now
experiencing “data-breach fatigue.” But it’s not just our personal lives
under attack.

According to a co-sponsored survey by PwC, the U.S. Secret Service, the
CERT Division of Carnegie Mellon University's Software Engineering
Institute and CSO security news magazine, companies are also taking a big
hit from hackers. The survey questioned 500 executives of U.S. businesses,
law enforcement services and government agencies.

The AP reported that the 12th annual survey of cybercrime trends found that
online attackers determined to break into computers, steal information and
interfere with business are more technologically advanced than those trying
to stop them. Three out of four respondents said they had detected a
security breach in the past year, and the average number of security
intrusions was 135 per organization.

The main cyberattack methods reported by the cybercrime survey were
malware, phishing, network interruption, spyware and denial-of-service
attacks. Just over a quarter of respondents said the attackers were
insiders, either contractors or current and former employees or service
providers.

Some companies may be surprised to know that hacks are getting more
sophisticated and hacking weapons are numerous, cheap and easily obtained.
Hackers have also learned to infiltrate corporate networks, roaming around
for years before setting off any alarms or raising suspicion.

Ed Lowery, who heads the U.S. Secret Service's criminal investigative
division, says companies and the government need to take "a radically
different approach to cybersecurity," which goes beyond antivirus software,
training employees, working closely with contractors and setting up tighter
processes.

Even when caught, some hackers, like Hector Xavier Monsegur, are getting
reduced sentences by helping investigators fight attacks. Monsegur was
facing 26 years behind bars until he helped thwart approximately 300
cyberattacks on targets ranging from the U.S. Armed Forces and Congress to
a TV network and a video game maker. Instead, he got seven months, which he
already served.

Unfortunately, the security of the Internet relies on underfunded
volunteers. It also doesn’t help that too many people are using outdated
and flawed software that makes it easy for attackers to take over systems.

So where is your company’s cybersecurity at? Is your company worried about
a breach? What is your company doing to stay secure? Has it been under
attack in the last year… that you know about? Leave your comments below.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
