they would be “potentially long range in their information gathering”. So when, as some described it, Stuxnet gave birth to a new son christened Duqu, this transition had a name and face. While reports over who created Duqu and for what purpose have been conflicting at times, one point seems to be consistent: rather than being a cyber weapon – as in the case of its Stuxnet predecessor – Duqu seems to be a tool of cyber espionage intended to gather information on key targets. Somewhere, Mr O’Neill must have flashed a rather tempered smile when reading about this development.

2011 in Numbers

The past year has been labeled by some (this magazine included) as the ‘Year of the Hack’. While the number of records is not always an indicator of how damaging a breach can be, following are last year’s largest data loss incidents according to the number of records compromised. It’s also interesting to note that of the world’s 10 largest known data loss incidents by number of records, four of them occurred in 2011. All of these were the result of alleged hacking incidents.

| Organization | Number of compromised records |
|---|---|
| Sony Corp. | 77,000,000 |
| Tianya | 40,000,000 |
| SK Communications | 35,000,000 |
| Steam (Valve, Inc.) | 35,000,000 |
| Sony Online Entertainment | 24,600,000 |
| 7k7k | 20,000,000 |
| Care2 | 17,900,617 |
| Nexon Korea Corp. | 13,200,000 |

(Note: the Epsilon data breach is not included because the total number of records is not yet known)

Source: Open Security Foundation, datalossdb.org (2012)




Same Old, Same Old

APT, cloud, mobility, social media – rinse, lather, repeat. It sometimes seemed as if organizations and individuals offering up their insights into 2012’s threat landscape had used the same template, but just changed the words around a bit. The first on our list of the most repetitive predictions is that of the increasing likelihood of advanced persistent threats. Listing a number of commentators who have highlighted this as a trend in 2012 would be a pointless endeavor – there are simply too many. Important to have on your radar? Yes. New for 2012? Hardly.


In short, if your organization has information of any value (and most do), then you are a target for APTs. It’s just like saying that if you have devices connected to the internet, then they are susceptible to malware. Some threats rise to the level of constants no matter their importance, but this does not necessarily make them new and worthy of a ‘predictive’ status. If I know it has rained in the past, and that it will rain in the future, then would it be news if I were to say it will likely rain this year? You can be the judge of that.

Consumerization meets BYOD meets Android: a legitimate concern, but one that has been highlighted by many observers, including Lumension’s forensic analyst Paul Henry. He says enterprises will increasingly rely on BYOD to improve productivity and efficiency, but with little concern for security. Add to this Android’s ascendancy to the top spot among mobile operating systems, and it creates what Henry has called “a perfect storm for hackers”. Because the Android market does not perform security screenings of its applications (as of this writing), he expects the explosion of malware affecting the operating system to continue right through 2012. Henry has plenty of company regarding this assessment.


Numerous vendors have made the same appraisal when it comes to the danger of mobile devices within the enterprise. Among these are Blue Coat Systems, Guidance Software, and AppRiver, just to name a few. But we couldn’t help but be entertained by Vigil Software’s description of the mobile threat as being “the soft under belly that hackers will find irresistible”. Kudos to the people at Vigil for paying attention to their Churchill lesson during history class.

Paul Henry’s colleague at Lumension, the firm’s CEO Pat Clawson, touched upon another common theme in our survey of predictions: the difficulties organizations will face in protecting virtual and cloud environments. Again, the threats are real, but as far as predictions go, this is so 2011. Clawson is not alone in continuing to bring up the importance of securing organizations’ migration to the cloud. Richard Moulds, vice president of product strategy at Thales e-Security, sees the convergence of cloud and compliance causing some real movement on the encryption front in the near future. This


January/February 2012

