Here are a few interesting statistics and quotes from the Symantec
Internet Security Threat Report 2013.
1. Healthcare, education, and
government accounted for nearly two-thirds of all identities breached in 2012
2. The vast majority (88 percent)
of reported data breaches were due to attacks by outsiders. But it is safe to
assume that unreported data breaches outnumber reported ones.
3. Whether it is lost laptops,
misplaced memory sticks, deliberate data theft by employees or accidents, the
insider threat also remains high.
4. As expected, the amount of
mobile malware in 2012 continues to rise. 2012 saw a 58 percent increase in
mobile malware families compared to 2011.
5. Those jobs most targeted for
attack in 2012 were knowledge workers who create the intellectual property that
attackers want (27 percent of all targets in 2012) and those in sales (24
percent in 2012). Interest in targeting the CEO of an organization waned in
2012; those attacks decreased by 8 percent.
6. Fifty percent of mobile malware
created in 2012 attempted to steal our information or track our movements.
7. Last year’s data made it clear
that any business, no matter its size, was a potential target for attackers.
This was not a fluke. In 2012, 50 percent of all targeted attacks were aimed at
businesses with fewer than 2,500 employees. In fact, the largest growth area for
targeted attacks in 2012 was businesses with fewer than 250 employees; 31
percent of all attacks targeted them.
8. In September, the FBI issued a
warning to financial institutions that some DDoS attacks are actually being
used as a “distraction.” These attacks are launched before or after
cybercriminals engage in an unauthorized transaction and are an attempt to
avoid discovery of the fraud and prevent attempts to stop it. In these scenarios, attackers target a
company’s website with a DDoS attack. They may or may not bring the website
down, but that’s not the main focus of such an attack; the real goal is to
divert the attention of the company’s IT staff towards the DDoS attack.
Meanwhile, the hackers attempt to break into the company’s network using any
number of other methods that may go unnoticed as the DDoS attack continues in
the background.
And
here is the best one of all. I can say
that to some extent Alvaka just helped a firm out of deep trouble with a
situation similar to this:
·
Creating
successful targeted attacks requires attackers to learn about us. They will
research our email addresses, our job, our professional interests, and even the
conferences we attend and the websites we frequent. All of this information is
compiled to launch a successful targeted attack. Once on our devices, the
attacker’s tools are designed to pull as much data as possible. Undiscovered
targeted attacks can collect years of our email, files, and contact
information. These tools also contain
the ability to log our keystrokes, view our computer screens, and turn on our
computers’ microphones and cameras. Targeted attackers truly act as an
Orwellian incarnation of Big Brother.
Click here for the full internet
security THREAT REPORT 2013
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.