Archives For attack

Anonymous – just in the past few days these events have either happened or been announced as threats.  As I prepare to speak at a luncheon for technology managers in the Northeast this week, it is clear that the trends are changing – information theft is still a huge problem; however, Anonymous clearly dominates the cybercrime headlines with their hacktivist agenda.  As you work with your clients, “briefings” on what actions companies should be taking should be at the forefront of your mind.  Especially if you call on larger accounts, it makes sense to educate business leaders on the trends we are seeing here, the types of activities that might be targeted by such a group, and what defense systems must be deployed to counter such an attack.  It’s clear that putting up a firewall doesn’t work.

1. Facebook threat – Nov 5th…we’ll see what happens! – protest over privacy concerns.

2. Fullerton Police (California) – announced attack over homeless man’s death

3. BART (San Francisco) train system…shut down due to protest

4. Operation Britain – scheduled for Oct 5 in response to Government’s “Iron fist”

5. Syrian Ministry Of Defense Website Hacked By ‘Anonymous’ for brutality

6. 7.4 GB file with emails and personal information from 56 different law enforcement agencies

They all say they’ve got it covered…no one does!  Here is a summary article from one of my contacts at DiData…great info, thanks Matt.

http://www.msnbc.msn.com/id/37115813/ns/technology_and_science-security/#storyContinued

Summary:

  • “Our systems are probed thousands of times a day and scanned millions of times a day,” – speaking of government defense systems…
  • “We are experiencing damaging penetrations — damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” – Now I feel safe!
  • Hackers have already penetrated the U.S. electrical grid and have stolen intellectual property, corporate secrets and money, according to the FBI’s cybercrime unit. In one incident, a bank lost $10 million in cash in a day. (Yet your clients all have it covered!)
  • “We’re talking about terabytes of data, equivalent to multiple libraries of Congress.” – (But those in the SMB don’t need to worry – right!)
  • United States military would need to prepare for fallout from a cyber attack, which could leave cities in the dark or disrupt communications. – (If you don’t offer DR planning, you might reconsider)

When your clients say, “We’ve got it covered”, remember, most are just ignorant, some are lying.  Don’t take no for an answer – instead educate them on what is really going on, and drive forward with the sale.  Take advantage of my latest ebook on selling through assessments… it’s free!  http://www.stelzl.us/training/CreatingSales.pdf

© David Stelzl, 2010

Yes, China and Google are dominating the news with filtered searching and email break-ins.  This is bad for cloud computing as noted in my Saturday post.  Keep your eyes on this as you talk with clients about cloud computing options.  The fact is, you can’t trust your data with someone else at this point and the big clouds are the big targets…it will always be that way.

On the tech page of USA Today I found this article on do-it-yourself hacking kits.  This is pretty cool; for only seven or eight hundred dollars you can purchase the software along with instructions (probably better instructions than those provided with the software I buy), to hack into just about anything.  That means that disgruntled customers can attack providers they use for just about anything when they feel they’ve been ripped off.  The key tools are bots downloaded to systems through links passed on through email.  The topics could be anything of interest – we’re closing in on tax season, so expect this to be at the top of the list.

Experience needed?  All you need is the ability to download music or video to a computer.  In other words, hackers have commoditized the industry, making it available to just about anyone.  Helping companies with this is an opportunity, especially in the SMB market where security defense continues to be very weak.  Also in the regional banks, I expect this to increase attacks on online banking, and these smaller banks are not well equipped to defeat this type of attack.  Check out the article and pass it on to your clients…

http://www.usatoday.com/tech/news/computersecurity/2010-01-17-internet-scams-phishing_N.htm

More data is under attack than you realize…or at least your prospects realize.  This study shows that corporations are under attack every day.  But as with many of the breaches reported over the past year, it often takes companies a long time to discover the problem.  This comes from SC Magazine, July 16, 2009.  Learn the sound bites and use them.

  • 92 percent of respondents said that their company’s data has been attacked in the past six months.
  • CEOs are often more confident about their organization’s ability to prevent data breaches than are other executives
  • CEOs are likely more optimistic about their organization’s struggle to protect data because they have passed off those responsibilities to others
  • Part of the disparity in perception also may arise because employees do not always give CEOs the whole story of what is going on with respect to data loss

Two take-aways from this study are: Most companies really are under attack whether they realize it or not, and senior management is usually the last to know, making it harder to get budget approval.  Getting to the asset owners, people with liability, is a critical part of the security sales process.  Without their support, IT will continue to say, “We’ve got it covered”.  After all, their reputation is at stake.

Read more at: http://www.scmagazineus.com/Report-Data-attacks-more-frequent-than-CEOs-think/article/140117/?DCMP=EMC-SCUS_Newswire

The Wall Street Journal today reports on attacks on US power grids – well, not actually attacks, but infiltration. Apparently someone has gained access and has left evidence.  It would be ignorant to think that this is the first time anyone has figured out how to access these systems or to think that we can always detect unauthorized access.  The truth is, US infrastructure is connected to power grids, nuclear facilities, and other critical infrastructure and a disruption would not be difficult.  Will 17 billion dollars of stimulus money fix the problem?  Only if those working on the problem really understand security (reference an early post about government contract workers and their lack of security expertise).

Using risk to drive new projects is powerful because it is urgent and because even the most sensitive systems are accessible when not properly secured.  It makes sense for every company to be measuring risk and for these assessments to be done on a regular basis.  Stop asking companies if they need security, and start showing them where they are vulnerable.  The linked WSJ article is just one more sound bite to drive home your point.

http://online.wsj.com/article/SB123914805204099085.html