How Sophisticated Are The Cyber Thieves Who Breach Security?

Why is it that whenever there is a breach of a company's security, it is always attributed to the work of sophisticated cyber criminals? Is this because it really does take a sophisticated criminal to breach an environment these days, or do victims prefer to characterise the cleverness of the criminal rather than the weakness of the security environment?

The Verizon RISK team issue an annual breach report which summarises all of the breaches they and the US Secret Service have investigated over the last year. According to their 2010 report, 96% of the breaches they investigated could have been avoided by the implementation of either simple or intermediate controls, an increase of 9% over the preceding year. Not only that, but the report authors considered 85% of the attacks as not being highly difficult to implement.

What do they mean by simple or intermediate controls? Elsewhere in the report they state that 79% of breaches were at merchants who hadn't been assessed as compliant with the Payment Card Industry Data Security Standard (PCI DSS), which perhaps provides a clue to at least some of the controls which fell under this description.

Even though PCI DSS compliance is targeted at merchants handling payment card details, it can still be used to provide a framework of useful controls to consider when creating a secure environment. Don't forget, cyber thieves will take whatever data they believe they can use; names and email addresses seem to be in vogue at the moment.

Looking at the Open Web Application Security Project (OWASP), which maintains a list of the top ten risks and vulnerabilities a web environment can be exposed to, one would expect this new wave of sophisticated attacks to show up on the new 2010 list. Surprisingly, the vulnerabilities here have been pretty static. In fact, SQL injection recently marked 10 years as a top 10 risk on the list.

Irony of ironies, only this week a leading web application security company announced a successful SQL injection attack against its corporate web site, which just goes to show we all need to be vigilant and practise what we preach.

Back to the Verizon report: the authors report that only 21% of organisations that were breached had developed and maintained secure systems and applications as required by PCI DSS compliance. This part of the standard requires that payment solutions and applications have been securely developed and tested against a set of known vulnerabilities such as the OWASP Top 10. So if organisations still aren't protecting themselves from well-known vulnerabilities, why would a cyber thief need to develop these new sophisticated tools?

So perhaps we really do only hear about these highly sophisticated attacks; there certainly are some clever hackers out there. But before throwing up our arms in despair, we should also heed some of these other less well publicised statistics and prepare our environments to defend against the less sophisticated attacker. Reducing our risk down to only the top 4% of attackers seems like a good idea to me.

Author Resource: To get more information regarding PCI DSS compliance and other services we offer, please visit our website at http://www.the-logic-group.com.
Submitted 2011-04-22 03:03:15
By: Luben Solev