Welcome!

Related Topics: Containers Expo Blog, @CloudExpo, Cloud Security

Containers Expo Blog: Blog Feed Post

Unplug Everything!

Have you seen the latest 2011 Verizon Data Breach Investigations Report?

Just kidding…partially.  Have you seen the latest 2011 Verizon Data Breach Investigations Report?  It is chock full of data about breaches, vulnerabilities, industry demographics, threats and all the other internet security terms that make the headlines.  It is an interesting view into cybercrime and like last year, there is also information and analysis from the US Secret Service, who arrested more than 1200 cybercrime suspects in 2010.  One very interesting note from the Executive Summary is that while the total number of records compromised has steadily gone down – ‘08: 361 million, ‘09: 144 million, ‘10: 4 million – the case loads for cybercrime is at an all time high – 141 breaches in 2009 to a whopping 760 in 2010.  One reason may be is that the criminals themselves are doing the time-honored ‘risk vs. reward’ scenario when determining their bounty.  Hey, just like the security pros!  Oh yeah….the crooks are pros too.  Rather than going after the huge financial institutions in one fell swoop or mega-breach, they are attempting many more low risk type intrusions against restaurants, hotels and smaller retailers.  Hospitality is back on the top of the list this year, followed by retail.  Financial services round out pole position, but as noted, the criminals will always have their eye on our money.  Riff-raff also focused more on grabbing intellectual property rather than credit card numbers.

The Highlights:

  • The majority of breaches, 96%, were avoidable through simple or intermediate controls; if only someone decided to prevent them.
  • 89% of companies breached are still not PCI compliant today, let alone when they were breached.
  • External attacks exploded in 2010, and now account for the vast majority at 92% and over 99% of the lost records.
  • 83% of victims were targets of opportunity.  Most attacks are opportunistic, with criminal rings relying on automation to discover susceptible systems for them.
  • Most breaches aren’t discovered for weeks to months, and most breaches, 86%, are discovered by third-parties, not internal security teams.
  • Malware and ‘hacking’ are the top two threat actions by percentage of breaches, 50%/49% respectively, along with tops in percentage of records 89%/79%.  Misuse, a strong contender last year, went down in 2010.
  • Within malware, sending data to an external source, installing backdoors and key logger functions were the most common types and all increased in 2010.
  • 92% of the attacks were not that difficult.

You may ask, ‘what about mobile devices?’ since those are a often touted avenue of data loss.  The Data Breach Report says that data loss from mobile devices are rarely part of their case load since they typically investigate deliberate breaches and compromises rather than accidental data loss.  Plus, they focus on confirmed incidents of data compromise.  Another question might have to do with Cloud Computing breaches.  Here they answer, ‘No, not really,’ to question of whether the cloud factors into the breaches they investigate.  They say that it is more about giving up control of the systems and the associated risk than any cloud technology.

Now comes word that subscribers of Sony’s PlayStation Network have had their personal information stolen.  I wonder how this, and the other high profile attacks this year will alter the Data Breach Report next year.  I’ve written about this type of exposure and felt it was only a matter of time before something like this occurred.  Gamers are frantic about this latest intrusion but if you are connected to the internet in any way shape or form, there are risks involved.  We used to joke years ago that the only way to be safe from attacks was to unplug the computers from the net.  With the way things are going, the punch line is not so funny anymore.

ps

Resources:

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, Verizon, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach, psn, Sony, PlayStation

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]


Read the original blog entry...

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.

Latest Stories
They say multi-cloud is coming, but organizations are leveraging multiple clouds already. According to a study by 451 Research, only 21% of organizations were using a single cloud. If you've found yourself unprepared for the barrage of cloud services introduced in your organization, you will need to change your approach to engaging with the business and engaging with vendors. Look at technologies that are on the way and work with the internal players involved to have a plan in place when the ine...
"We began as LinuxAcademy.com about five years ago as a very small outfit. Since then we've transitioned into more of a DevOps training company - the technologies and the tooling around DevOps," explained Doug Vanderweide, an instructor at Linux Academy, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes how...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOps with IBMz? You heard right. Maybe you're wondering what a developer can do to speed up the entire development cycle--coding, testing, source code management, and deployment-? In this session you will learn about how to integrate z application assets into a DevOps pipeline using familiar tools like Jenkins and UrbanCode Deploy, plus z/OSMF workflows, all of which can increase deployment speeds while simultaneously improving reliability. You will also learn how to provision mainframe syste...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
The technologies behind big data and cloud computing are converging quickly, offering businesses new capabilities for fast, easy, wide-ranging access to data. However, to capitalize on the cost-efficiencies and time-to-value opportunities of analytics in the cloud, big data and cloud technologies must be integrated and managed properly. Pythian's Director of Big Data and Data Science, Danil Zburivsky will explore: The main technology components and best practices being deployed to take advantage...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
Contextual Analytics of various threat data provides a deeper understanding of a given threat and enables identification of unknown threat vectors. In his session at @ThingsExpo, David Dufour, Head of Security Architecture, IoT, Webroot, Inc., discussed how through the use of Big Data analytics and deep data correlation across different threat types, it is possible to gain a better understanding of where, how and to what level of danger a malicious actor poses to an organization, and to determin...
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
Digital transformation has increased the pace of business creating a productivity divide between the technology haves and have nots. Managing financial information on spreadsheets and piecing together insight from numerous disconnected systems is no longer an option. Rapid market changes and aggressive competition are motivating business leaders to reevaluate legacy technology investments in search of modern technologies to achieve greater agility, reduced costs and organizational efficiencies. ...
CI/CD is conceptually straightforward, yet often technically intricate to implement since it requires time and opportunities to develop intimate understanding on not only DevOps processes and operations, but likely product integrations with multiple platforms. This session intends to bridge the gap by offering an intense learning experience while witnessing the processes and operations to build from zero to a simple, yet functional CI/CD pipeline integrated with Jenkins, Github, Docker and Azure...