Archive for identity theft

The Top 10, Top 10 Predictions for 2017

2017.jpgThe time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen.

8 Predictions About How the Security Industry Will Fare in 2017 – An eWeek slideshow looking at areas like IoT, ransomware, automated attacks and the security skills shortage in the industry. Chris Preimesberger (@editingwhiz), who does a monthly #eweekchat on twitter, covers many of the worries facing organizations.

10 IoT Predictions for 2017 – IoT was my number 1 in The Top 10, Top 10 Predictions for 2016 and no doubt, IoT will continue to cause havoc. People focus so much on the ‘things’ themselves rather than the risk of an internet connection. This list discusses how IoT will grow up in 2017, how having a service component will be key, the complete mess of standards and simply, ‘just because you can connect something to the Internet doesn’t mean that you should.’

10 Cloud Computing Trends to Watch in 2017 - Talkin' Cloud posts Forrester’s list of cloud computing predictions for 2017 including how hyperconverged infrastructures will help private clouds get real, ways to make cloud migration easier, the importance (or not) of megaclouds, that hybrid cloud networking will remain the weakest link in the hybrid cloud and that, finally, cloud service providers will design security into their offerings. What a novel idea.

2017 Breach Predictions: The big one is inevitable – While not a list, per se, NetworkWorld talks about how we’ll see more intricate, complex and undetected data integrity attacks and for two main reasons: financial gain and/or political manipulation. Political manipulation? No, that’ll never happen. NW talks about how cyber attacks will get worse due to IoT and gives some ideas on how to protect your data in 2017.

Catastrophic botnet to smash social media networks in 2017 – At the halfway point the Mirai botnet rears its ugly head and ZDNet explains how Mirai is far from the end of social media disruption due to botnets. With botnets-for-hire now available, there will be a significant uptick in social media botnets which aim not only to disrupt but also to earn money for their operators in 2017. Splendid.

Torrid Networks’ Top 10 Cyber Security Predictions For 2017Dhruv Soi looks at the overall cyber security industry and shares that many security product companies will add machine learning twist to their products and at the same time, there will be next-gen malware with an ability to bypass machine learning algorithms. He also talks about the fast adoption of Blockchain, the shift towards mobile exploitation and the increase of cyber insurance in 2017.

Fortinet 2017 Cybersecurity Predictions: Accountability Takes the Stage - Derek Manky goes in depth with this detailed article covering things like how IoT manufacturers will be held accountable for security breaches, how attackers will begin to turn up the heat in smart cities and if technology can close the gap on the critical cyber skills shortage. Each of his 6 predictions include a detailed description along with risks and potential solutions.

2017 security predictions – CIO always has a year-end prediction list and this year doesn’t disappoint. Rather than reviewing the obvious, they focus on things like Dwell time, or the interval between a successful attack and its discovery by the victim. In some cases, dwell times can reach as high as two years! They also detail how passwords will eventually grow up, how the security blame game will heat up and how mobile payments, too, will become a liability. Little different take and a good read.

Predictions for DevOps in 2017 – I’d be remiss if I didn’t include some prognosis about DevOps - one of the most misunderstood terms and functions of late. For DevOps, they will start to include security as part of development instead of an afterthought, we’ll see an increase in the popularity of containerization solutions and DZone sees DevOps principals moving to mainstream enterprise rather than one-off projects.

10 top holiday phishing scams – While many of the lists are forward-looking into the New Year, this one dives into the risks of the year end. Holiday shopping. A good list of holiday threats to watch out for including fake purchase invoices, scam email deals, fake surveys and shipping status malware messages begging you to click the link. Some advice: Don’t!

Bonus Prediction!

Top 10 Most Popular Robots to Buy in 2017 – All kinds of robots are now entering our homes and appearing in society. From vacuums to automated cars to drones to digital assistants, robots are interacting with us more than ever. While many are for home use, some also help with the disabled or help those suffering from various ailments like autism, a stroke or even a missing limb. They go by many monikers like Asimo, Spot, Moley, Pepper, Jibo and Milo to name a few.

Are you ready for 2017?

If you want to see if any of the previous year’s prognoses came true, here ya go:

ps




The Dangerous Game of DNS

credit-card-perspective.jpg

The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup, loading complex sites necessitates hundreds of DNS queries.

And because of that, DNS is a precious target and only lags behind http as the most targeted protocol.

DDoS-ing DNS is an effective way to make the service unavailable. As the flood of malicious DNS requests hit the infrastructure, the service can become unresponsive if there is not enough capacity. Organizations can add more servers or turn to their cloud-based security provider for help. One of the strategies cloud-based security providers use to shield DNS is DNS redirection. Cloud providers will divert incoming traffic to their own infrastructure, which is resilient enough to detect and absorb these attacks. The success of this strategy however depends on how well the website's original IP address can be shielded. If the bad guy can find that IP address, then they can get around the protection.

So is DNS redirection effective? Researchers decided to find out.

Scientists from KU Leuven in Belgium built a tool called CLOUDPIERCER, which automatically tries to retrieve websites' original IP address, including the use of unprotected subdomains. Almost 18,000 websites, protected by five different providers, were part to the team's DNS redirection vulnerability tests. In more than 70% of the cases, CLOUDPIERCER was able to retrieve the website's original IP address - the precise info needed to launch a successful attack.

Researchers did share their findings with those cloud-based providers and have made CLOUDPIERCER freely available for organizations to test their own DNS infrastructure.

In another DNS scam, a new version of the NewPosThings PoS (point of sale, not…) malware is using DNS rather than http/https/ftp to extract data from infected PoS terminals. This is an interesting twist since most security solutions monitor http/https traffic for suspicious activity. Anti-virus doesn’t necessarily watch DNS and admins cannot simply turn off DNS since they need it to resolve hostnames and domains. Seems like a clear shot.

The newest version of NewPoSThings is nicknamed MULTIGRAIN and it only targets (and infects) one specific type of PoS platform: The multi.exe process, specific to a popular electronic draft capture software package. If the multi.exe process is not found the malware moves on. Once inside, the malware waits for the Track 2 credit card data and once it has the data, it encrypts and encodes it before sending to the bad guy via a DNS query.

The use of DNS for data exfiltration on PoS devices is not new and shows not only how attackers can adjust to different environments but also, that organizations need to be more aware of their DNS traffic for potential anomalies.

BIG-IP could also help in both instances.

For the redirection issue, BIG-IP or our Silverline Managed Service offers Proxy mode with DNS redirection. With Routed Mode, we offer BGP to Silverline then Generic Routing Encapsulation (GRE) tunnels or L2VPN back to the customer to mask the original IP address.

For the PoS malware, BIG-IP can utilize a DNS response policy zone (RPZ) as a firewall or outbound domain filtering mechanism. An RPZ is a zone that contains a list of known malicious Internet domains. The list includes a resource record set (RRset) for each malicious domain and each RRset includes the names of the malicious domain and any subdomains of the domain.

When the BIG-IP system receives a DNS query for a domain that is on the malicious domain list of the RPZ, the system responds in one of two ways based on your configuration. You can configure the system to return an NXDOMAIN record that indicates that the domain does not exist or return a response that directs the user to a walled garden.

rpz1.png

BIG-IP returns NXDOMAIN response to DNS query for malicious domain

rpz2.png

BIG-IP forwards DNS query for malicious domain to walled garden

DNS is one of those technologies that is so crucial for a functioning internet, especially for human interaction. Yet is often overlooked or seems to only get attention when things are broken. Maybe take a gander today to make sure your DNS infrastructure is secure, scalable and ready to answer each and every query. Ignoring DNS can have grave consequences.

ps

Related:




Plugging Data Leaks

dataharvest.png

Whether intentional or accidental, data leaks are a huge concern for organizations. And it has been for years. Going back to a 2004 survey from an IT security forum hosted by Qualys, found that 67% of security executives do not have controls in place to prevent data leakage, A December 2006 survey, Boston-based researchers Simon Management Group noted that some 78% of respondents said they were "very concerned" about data exposure. A 2010 article published by Trustwave on CSOonline.comsaid that 65% of leakage occurs due to the following combined methods: Microsoft SMB sharing, Remote Access Applications, and Native FTP clients.

And a recent informal survey conducted by the Avast Mobile Enterprise team at two healthcare technology events indicates that Data Leakage (69%) was the greatest security concern of Healthcare CISOs. Insider threats (34%) and Malware (28%) got silver and bronze.

Information seems to be the gold standard in today’s digital society and it comes in many forms. It can be personally identifiable information (PII) of customers or employees; it can be corporate or financial info; it can be litigation related; it can also be health care related and really, any data that should be kept secret…except from those who are authorized to view it.

According to Cisco, some risky behavior by employees can aggravate the situation. Areas included:

  • Unauthorized application use: 70% of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies' data loss incidents.
  • Misuse of corporate computers: 44% of employees share work devices with others without supervision.
  • Unauthorized physical and network access: 39% of IT professionals said they have dealt with an employee accessing unauthorized parts of a company's network or facility.
  • Remote worker security: 46% of employees admitted to transferring files between work and personal computers when working from home.
  • Misuse of passwords: 18% of employees share passwords with co-workers. That rate jumps to 25 percent in China, India, and Italy.

How can you reduce and mitigate some data leakage risks? BIG-IP can help shore up some areas.

The overall category of Data Loss Prevention (DLP) is a multi-faceted area of security that encompasses securing data storage, data transmission, and data in-use. Specifically, BIG-IP ASM focuses on the protection of data in-flight. For instance, ASM’s DataGuard is a method of protecting against SSN or CC# information from leaking out of back-end databases but ASM’s benefits in a DLP strategy extend well beyond that. DLP is concerned with unauthorized access to any private data, whether confidential personal or corporate information. ASM provides comprehensive protection against unauthorized back-end database access, by preventing the exploit of well-known vulnerabilities such as XSS, SQL-injection, cookie poisoning, etc. If you can’t even reach the info, less likelihood of it leaking.

No single product is going to provide a comprehensive, all inclusive DLP solution. HIPAA, PCI, and other regulatory standards are focused almost entirely on DLP. BIG-IP ASM, as a WAF, provides a vital part of any overall DLP solution in today’s security-conscious environment.

ps

Related:




Time It Takes the Fingers to Remember a New Password? About 3 days

Posted in security, silva, authentication, cybercrime, identity theft, human behavior, access by psilva on March 18th, 2016

unpw.jpg

Recently I changed some of my passwords. Some due to typical rotation time and a couple due to potential breaches and encouragement from the affected site. No, I’m not going to tell you which ones or how I go about it but I noticed that it took about 3 days for my fingers to key the correct combination.

This has probably happened to you too, where after changing a password, you inadvertently enter the old password a number of times since that is what the fingers and hands remember. Yes, I’m sure many of you have password keepers (which have also been breached) locked by a master and I use one too, but for many of my highly sensitive passwords, I keep those in my head.

As I continued to enter the old password for a couple days only to correct myself, I started thinking about habits and muscle memory. Some adages talk about it taking about 30 days (66 days in this study) to either pick up or drop a habit if done daily. Want to keep an exercise routine? Do it daily for a month and you are more than likely to continue...barring any unforeseen circumstances.

And then there’s muscle memory. Things like riding a bike, signing your name, catching a ball or any repetitious, manual activity that you complete often. Your muscles already know how to do it since they’ve been trained over time. You do not need to think about, ‘OK, as it gets closer, bring your hands together to snag it from the air,’ it just happens. This is one of the reasons why people change or update certain exercise or resistance routines – the muscles get used to it and need a different approach to reach the next plateau.

I wondered if anyone else had thought of this and a quick search proved that it is a bona fide technique for password memory. Artists like musicians use repetitive practice for scale patterns, chords, and melodic riffs and this trains the muscles in the fingers to 'remember' those patterns. It is the same notion with passwords. Choose a password that alternates between left and right hands that have some rhythm to it. After a bit, the hands remember the cadence on the keyboard and you really do not need to remember the random, committed numbers, letters or Shift keys pounced while typing your secret. This is ideal since only your fingers remember not necessarily your mind.

Granted, depending on how your head works this technique might not work for everyone but it is still an interesting way to secure your secrets. And you can brag, 'If you break my fingers, it'll wipe the device.'

ps

Related:




My Blog Roll 2015

It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2015 blog entries. If you missed any of the 89 attempts including 59 videos, here they are wrapped in one simple entry. I read somewhere that lists in blogs are good. I broke it out by month to see what was happening at the time and let's be honest, pure self-promotion.

Thanks for reading and watching throughout 2015.

Have a Safe and Happy New Year.

Jan 2015

Feb

March

April

May

June

July

August

September

Oct

Nov

Dec

And a couple special holiday themed entries from years past.

ps

Related

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



Identity Theft: Not So Scary Anymore

Posted in security, silva, privacy, cybercrime, identity theft, humans, risk by psilva on November 17th, 2015

This article originally appeared on F5.com on 10.20.15.

With Halloween in our rearview mirror and the holiday shopping season upon us, a couple surveys are out examining our fears and in particular, our concerns about identity theft. Apparently, ID theft is not so scary anymore - like entering a haunted house for the hair-raising screams but walking out with nervous giggles.

Over at Bankrate.com, only 54% of surveyed tricksters says they are somewhat or very frightened of ID theft. That's down 80% from those who expressed the same level of concern back in 2008. Almost half, 43%, claim they have little or no fear, trouncing the 19% who were brave in 2008. This is all while the overall victim count remains at similar levels - 12.5 million in 2008 verses 12.7 million in 2014 according to Javelin Strategy & Research. As far as knowing someone who has been hit, 46% say they or a friend has been a victim compared to 34% in 2008.

They chalk it up to people being desensitized to breaches due to the almost weekly confessions of data intrusions. The general feeling is that if large retailers, health care providers and credit agencies can't keep my data safe, how can I. More of those same folks however are also following some good advice of shredding sensitive documents (72%), checking their credit report regularly (56%), avoiding insecure WiFi (54%) and almost 20% have frozen their credit files. These are all good ways to help you worry less.

And Chapman University published their Survey of American Fears, Wave 2 (2015) examining the fears of average Americans. The domains of fear include areas like crime, natural and man made disasters, personal anxieties, environment, technology and others. Along with the corruption, terrorism and warfare, identity theft comes in at 39.6% and credit card fraud sits at 36.9%. Both in the Top 10.

Top10Fears.jpg

So, while ID theft is still one of our top fears, by the time you get to Nightmare on Identity Street 4, Freddy isn't so freighting and you have some tools to deal with him.

Besides, your insecure connected kettles could be exposing your WiFi passwords without your knowledge. Now that's scary!

ps

Related

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



Healthcare in the Crosshairs

Posted in security, f5, silva, identity theft, compliance, medical, healthcare by psilva on April 1st, 2015

Is Healthcare the new Target?

bullseye-target.jpg

Recently I've received a number of 'I am writing to inform you that we were the target of a sophisticated cyber attack and some of your personal information may have been accessed by the attackers..' letters for myself and my family. I especially hate the ones that start, 'To the parents of...' because my daughter has a rare genetic condition. You probably got one of these letters too since the Anthem breach could have disclosed medical records for as many as 80 million people.

Medical identity theft is big business and has become a huge target over the last few years. The attackers are not really interested in that sprained ankle or those 25 stitches from last summer. They want the personally identifiable information. Names, addresses, birthdays, and social security numbers. Stuff you can actually use to open accounts, commit insurance fraud and create fake identities - using real information. Healthcare info also goes for a premium on black market sites. One expert noted that recently that at one underground auction, a patient medical record sold for $251 while credit cards are selling at .33 cents. With all the recent retail breaches, credit cards have flooded the underground, plus they can get cancelled quickly. I also know that fraudsters are already trying to entice people with fake emails and calls regarding the breaches - I've gotten a bunch of them recently. More than ever, do not click the email link unless you're expecting something.

The interesting phenomenon for me is all the identity theft protection offerings from various credit bureaus. One breach, sign up here...another breach, sign up there. It is important to take advantage of the services to stay alert on your identity but you also have to include the very same sensitive info that was just compromised to yet another entity. I'm waiting on the breach of one of these identity protection sites. I mean the thieves must be thinking, 'well, we missed them in the medical grab but maybe we can get them through the protection app.'

According to Ponemon Institute, about 90% of healthcare organizations have reported at least one data breach over the last two years with most due to employee negligence or system flaws but more, as we've seen recently, are due to criminal behavior. Certainly, there will be more of these healthcare hiccups in the coming years especially with the push to digitize medical records. Great for patient access but a huge risk for unauthorized peeks. With the Premera breach hot on Anthem's heels, I hope providers are getting the message that the bad guys are coming for ya.

ps

Related

.

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



Moving Target

Posted in security, f5, silva, banking, cybercrime, identity theft, id theft, people, access, moving by psilva on May 21st, 2014

I moved recently. Not too far away nor to a different state, just the other side of town. It is simultaneously exhilarating and exhausting. Most people in the U.S. moving during the summer. Kids are out of school, the weather is mostly nice, friends might be available to help and you are settled in for the holidays. And while you are worrying about packing, movers, mail and all the other check lists, your identity is ripe for the picking.

The increased risk of identity theft during a move is because personally identifiable information is being shuffled around from one home to the next. At the same time, buyers and renters are preoccupied with the move and can forget to protect their sensitive documents. You may lock up or personally carry your jewelry, checkbook and other 'valuables' but your personal information might be unprotected and targeted during a move.

If you are moving this summer like I just did, there are a few things you can do to minimize the risk. While most moving sites have 'Change of Address' as their top protection mechanisms (which we'll get to), I feel that shredding old bills, receipts and financial info is critical. First, you might not want to drag all that old paperwork with you, especially if you are paying by the pound but more importantly, shredding important documents can prevent thieves from finding any information in your trash. Old-skool dumpster diving is still a viable method to steal personal information. You also might not want the movers themselves to have access to those documents, particularly if you are having them help pack. I was fortunate to find reputable movers but mover fraud is becoming more commonplace in the U.S.

Mail call! What? Oh yea, Change of Address. Seems like a no brainer, filling out a postal change of address but it is also important. Make the change with all the companies, financial institutions, magazines, and other organizations that regularly send you mail. Identity theft is often carried out by stealing mail. The folks who move into your old house might not steal your identity, but they will most likely throw away mail that isn’t theirs, and they won’t necessarily take the care to shred it as you would. If your mail continues to be delivered to your old address, it might be left on the doorstep or in an unlocked mailbox, making it very easy for anyone to walk away with it.

Lock down your electronics. Many households have multiple computers now including tablets, mobile phones and other 'things' storing sensitive information. These are a treasure trove. You can carry/pack yourselves and make sure they are always in your possession or password protect and place in a slightly unmarked box. Maybe label it as 'dog food' and the crook, movers or otherwise, just might pass it over. If you plan on donating or recycling your old computer(s), make sure you totally erase the hard drive since criminals can easily retrieve those files and sue them for no good. Slightly related to this, I recently bought a refurbished Blu-ray player with various streaming services. I wanted to replace the one we broke with the exact same one but they stopped making that model. When it arrived, I went in to configure our Netflix account. So I clicked the Netflix icon and it loaded fine. Wait a minute, that's not my Instant Que. Whoever had the unit prior to me, still had their Netflix saved and I could see all their viewing habits. Old episodes of Leave it to Beaver and Attack of the 50 Foot Cheerleader.

And keep an eye out for yourself before, during and after. Check credit monitoring if you have it; your credit report a few months later for anything suspicious; that all your mail is arriving intact; that all your household items are accounted for; and we often leave cars, garages, and other entrances wide open when moving so keep an eye there, if the location warrants.

Physical items can be used to create digital identities and while we may read about ID theft topics when computer breaches are reported, the physical realm is still ripe with fraudsters. Everything is game nowadays but you can take physical and digital action to stay safe when you are finally home sweet home.

ps

Resources:

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



Uncle DDoS’d, Talking TVs and a Hug

Posted in security, f5, application security, silva, privacy, DoS attack, cybercrime, identity theft, RFID, iot by psilva on May 14th, 2014

Information security is one of those areas where a lot is always happening. From breaches to vulnerabilities to scams to anything else that's designed to store, protect or even attack and pilfer our sensitive information, information security encompasses a lot of things. A Three Ring Circus, Three Little Pigs, The Three Stooges and when three different stories grab my attention, well I just gotta share.

SCMagazine.com had an interesting story yesterday talking about how two servers designed to prevent DDoS attacks were, themselves, used in a DDoS attack. Incapsula reported that it had to fend off a sizable DDoS attack that was launched using high-capacity servers hijacked from a DDoS protection services provider. The attack itself was against an online gaming site and the attackers actually hijacked and commandeered two high capacity servers from a DDoS protection service provider to spearhead the attack. The service provider was so focused on incoming traffic, they had to be notified to take a look at the massive outgoing traffic being sent. While the DDoS protection market has grown with many outsourcing solutions, it is still a shared service. Remember the old tiered-hosting-separated-by-a-partition days? Even if you are not the target, you still might be caught up in it if your neighbor is.

Next up is security experts at NCC Group said SmartTVs with built-in microphones and storage can be turned into bugging devices by malware and used to record conversations. Not to mention remotely turning on the TV camera at will. They did need physical access to the TV to install the malware but as more TV apps get developed, it is conceivable that a malicious app could be downloaded to the TV for the same purpose. They demonstrated how they could capture 30 seconds of buffered mic audio but could have also manipulated more to use internal storage and send the audio files to an awaiting server. NCC engineers wanted to highlight the security shortcomings on the home front of the Internet of Things. Start to get used to no privacy in the privacy of your home.

And last but certainly not least, Thieves steal ID and credit card data with a hug. OK, I'm Hawaiian and we are a bunch of huggers so this is interesting. Apparently a Georgia woman was approached at a gas station by another woman begging for some money so she could put gas in her car. The kind, generous woman gave the crooked lady $20. With a full Oscar nominated performance, the crooked lady wept with joy and wanted to thank the generous one with a hug. Embrace ensued. So touched by the gesture, the man with the crooked lady got out of the car and also wanted to physically thank the Samaritan. The next morning she realized why they wanted to hug her when she discovered that $3000 was gone from her bank account. $2400 from a grocery store and another $200 plus from ATMs. The thieves got close so they could scan her for RFID enabled cards. She had her credit cards in her front pocket and was scanned during the not so loving embrace. Well that sucks. The cool thing is that the woman is not jaded and will continue to help others. Nice.

And to those I know: If we typically hug when we see each other, I promise won't be scanning your pockets.

ps

Related

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



The Reach of a Breach

It comes as no surprise that the CEO of Target has resigned in the wake of their massive data breach. The 2nd executive, if I remember correctly, to resign due to the mishap. Data breaches are costly according to the most recent Ponemon 2014 Cost of Data Breach Study: United States and the main reason for the steep increase in costs is 'the loss of customers following the data breach due to additional expenses required to preserve the organization's brand and reputation.' The cost of each lost or stolen record, on average, increased from $188 to $201 per record from 2012 to 2013 - a 9% increase.

But that's not all, In 2013, there appeared to be 'an abnormal churn rate' of 15% of customers abandoning companies, especially those in financial services, hit by a breach says Ponemon. I'm always curious about that. I usually avoid stores that have been recently compromised wondering if something is lingering yet think, they gotta be on high alert, especially with law enforcement involved. Maybe it's as safe as it ever will be.

A recent Courion survey of IT security executives showed that 78% of respondents say they're anxious about the possibility of a data breach at their organization. If there were a massive security breach at these companies, 58.8% said 'protecting the privacy of our customers' would be top priority and 62.7% would lament about 'negative publicity affecting the company brand' due to the breach. Maybe that's the problem. They're more worried about their image than they are of protecting our info. It's the 58.8% you want to shop at.

Reaching for more, Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a big change in cybercriminal habits, revealing the bad guys are plotting for months before pulling off the huge heists – instead of popping quick hits with smaller bounty. One big is worth fifty small. In 2013, there was a 62% uptick in the number of data breaches exposing more than 552 million identities. That's about 10% of the planet's population, give-or-take.

And finally, there have been a few companies that have gone out of business due to a leakage but a few months ago a data breach also closed some Seattle area Catholic schools. According to the Seattle Archdiocese, at least three Roman Catholic parishes and the Archdiocese’s chancery offices had been targeted by a tax-fraud scheme. In order to allow those who were victims time to contact the appropriate institutions during school hours, they cancelled classes. How's that for reach.

ps

Related:

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]




« Older episodes ·