@Risk

Focused on supplier risk issues for business leaders

Using Digital Ants to Mitigate Power Grid Cyber Threats

June 27, 2011

The nation’s electrical power grid is becoming increasingly interconnected through the internet, and while this technological sophistication provides significant benefits, it also comes hand-in-hand with considerable risk:

Enhanced interconnectivity means the power grid is now more vulnerable to cyber attacks.

Fortunately, researchers are now hard at work, designing safeguards to help protect the grid from computer viruses trying to wreak havoc on the system.

For instance, Errin Fulp, professor of computer science at Wake Forest University, is developing an army of “digital ants” that can scour computer networks looking for threats such as computer worms and self-replicating programs designed to steal information or facilitate unauthorized use of computers. When one of these digital ants detects a threat, it is designed to send for more ants to converge at that particular location, drawing the attention of human operators to investigate further.

“The idea is to deploy thousands of different types of digital ants, each looking for evidence of a threat,” Fulp said in a press release. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

Verizon’s 2011 Data Breach Investigations Report Shows Dramatic Shift in Cyber Crime Tactics

April 25, 2011

Verizon released the latest edition of its Data Breach Investigations Report (DBIR) series last week, and the results are a rather interesting mixed bag.

On the one hand, the total data lost through cyber attacks decreased dramatically in 2010. However, the study also found that the overall number of breaches was higher than ever before.

According to Verizon, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals. Apparently, cybercriminals now tend to engage in small, opportunistic attacks rather than large-scale, difficult attacks, and they are using relatively unsophisticated methods to successfully penetrate organizations. As Verizon points out, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.

Here are a few of the report’s key findings in more detail:

IT Security Risk and Compliance Remain Major Concern

April 20, 2011

Businesses today face IT security and compliance risks on several fronts. But are they rising to these rapidly proliferating challenges?

New survey results from McAfee suggest that the answer to that question is, unfortunately, a resounding “No.”

The report, Risk and Compliance Outlook: 2011, commissioned by McAfee and conducted by Evalueserve, found that 41 percent of organizations are not well aware of or protected against IT security risks. In addition, the vast majority, 75 percent of respondents, are not confident that they will pass a regulatory audit, with more than half of organizations stating that they have already failed one.

The survey, which was conducted in Australia, Canada, France, Germany, New Zealand, Singapore, UK and US, also revealed that:

McAfee and SAIC Say Intellectual Capital is New Currency of Choice for Cybercriminals

April 04, 2011

Cybercrime is on the rise, and unfortunately, it’s a trend that shows no signs of slowing down.

In fact, a new report from McAfee and Science Applications International Corporation (SAIC) found that the cyber underground economy now makes its money on the theft of corporate intellectual capital, including trade secrets, marketing plans, research and development findings and even source code.

McAfee defines this intellectual capital as the “new currency of choice” and says that cybercriminals have discovered that there is great value in selling a corporation’s proprietary information and trade secrets, which have little to no protection.

“Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents,” Simon Hunt, vice president and chief technology officer, endpoint security at McAfee, said. “We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”

The report, Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency, found that:

Is Your Cyber Supply Chain Secure?

December 08, 2010

While the WikiLeaks saga is unfolding across the globe, it seems only fitting to take another look at risks in cyber supply chain security.

Unfortunately, though, the news is not at all reassuring – even among organizations that play a vital role in national security.

A new research report, released late last month by the Enterprise Strategy Group (ESG), found that many of the 18 industries designated as “critical infrastructure” by the United States Department of Homeland Security are woefully lacking in cyber supply chain security.

For example: