small business security statistics

[d4ncingd4n at gmail.com (Dancing Dan)]

Apologies to the PDC crew: Sean-Paul Correll, Panda Security threat
researcher will be on Securabit on 4/7 to discuss the report. +2 on Jack's
recommendation on Brian Krebs. Brian was on Securabit episode 52 discussing
the crimeware.

In addition to directly stealing the money, trojaned machines are being used
to proxy attacks on FI. I also agree with Tim about the under reporting of
breaches due to trojans. Most non-security people still thinking of viruses
as porn pop-ups.

Bart

On Tue, Mar 30, 2010 at 7:46 AM, Bugbear <gbugbear at gmail.com> wrote:

> +1 on Jack's recommendation of Brian Krebs
>
> I saw this come down on twitter today
>
> http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=10116
>
> Just note the source - AV companies have everything to gain from FUD
>
> Problem I see with any stats regarding such compromises. is Companies
> often will not report the breach. Even states with Breach notification
> laws often do not require disclosure of the Company to the public.
> Combine that with the fact that such legislation only covers
> notification of specific data (i.e. PI) and there are 40 something
> different variations in different states, I think there isn't a chance
> of getting an accurate representation of the issue we are facing.
>
> But I will end my rant here
>
> Tim
>
> On Tue, Mar 30, 2010 at 6:32 AM, Jack Daniel <jackadaniel at gmail.com>
> wrote:
> > Brian Krebs has done a good job of reporting on this issue, see his
> > blog at http://www.krebsonsecurity.com/, he even has a "Target: Small
> > Business" section with numerous posts on the topic, that's at
> > http://www.krebsonsecurity.com/category/smallbizvictims/
> >
> > Short version of this situation: Most small biz are no more tech savvy
> > than home users, but don't have the financial account protections of
> > individuals, and usually have more in the bank than an individual- so
> > they're a great and vulnerable target.
> >
> > Jack
> >
> > --
> > ______________________________________
> > Jack Daniel, Reluctant CISSP
> > http://twitter.com/jack_daniel
> > http://www.linkedin.com/in/jackadaniel
> > http://blog.uncommonsensesecurity.com
> >
> >
> > On Mon, Mar 29, 2010 at 10:37 PM, Arnaud <lists at arnaudloos.com> wrote:
> > > I'm looking for information security statistics as it pertains to small
> > > businesses. There's one statistic specifically that I read recently
> along
> > > the lines of small businesses having money stolen through the use of
> > > keystroke loggers on the principal banking PC and the hacker initiating
> a
> > > bank transfer. Can't remember where i saw it though. Links to any
> articles
> > > relating to current statistics would be appreciated.
> > > Thanks.
> > > Arnaud-
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100330/88697b2b/attachment.htm