Government Technology

Security Threat Update



May 18, 2009 By

2008 saw a dramatic spike in security breaches resulting in millions of compromised records. This could be spurred by economic troubles, or perhaps online crime is just an easy target.

For example, the average bank robbery will net about $3,000 -- with a fairly good chance of going to prison or even being shot.

Now compare the use of a botnet to commit an online crime. On average, such thefts make $5,000 a week, with very little chance of being caught and even less chance of being injured or killed. Not to mention, you can do this from the comfort of your own living room. Which option is more appealing?

With statistics like these, it's no wonder thieves are turning to online crimes. Internet crime has grown exponentially in recent years and trends show that it will continue in this direction until we change the way we think about security.

In a recent security threat update, Don Hewatt of Verizon Business explained that highly organized crime circles are responsible for the majority of security breaches. In Verizon's recently published 2009 Data Breach Investigation Report, it is estimated that 285 million records were breached in 2008, which is more than the past four years combined. Over 90 percent of those compromised records were attributed to organized crime networks. Attacks and breaches are becoming very complex in nature. A new trend shows that there is a rise in custom malware which targets specific assets. And what do criminals do once they obtain this data? Usually it is handed over to another "tier" in the criminal hierarchy, making it even more difficult to catch those involved in these types of crimes.

While hacking, phishing and SPAM still remain as external threats, data breaches can also be instigated by internal sources. In fact, even though most data breach cases were perpetrated by external sources, internal breaches account for more total compromised records. Disgruntled ex-employees and rogue IT technicians can prove to be a serious threat to data security and must be mitigated by close monitoring of event logs.

State and local government agencies are especially rich targets because they store an immense amount of data online. As more government services become available online, the more at risk that data becomes. Hackers are opportunistic; they will go where the money is. In this case, money can be in the form of personal information such as Social Security numbers, accounts numbers or addresses and phone numbers. But the threats don't stop there. Increasingly, security professionals are seeing the results of hacking at the national level, which becomes a treat to national security.

Hewatt said, "technology is not always the answer." The report shows that nearly nine out of 10 breaches were considered avoidable if security basics had been followed and that it's not the lack of technology that allowed these breaches, but the lack of policies and processes that actually created the opportunity for these criminals to act. There are things that agencies can do to make themselves less vulnerable. Some recommendations were:

  • Technology is not always the answer -- do not use products as a replacement for better processes.
  • Find, track and assess data. Know exactly what data you have in your possession and where exactly it is stored -- eliminate unknowns.
  • Prioritize security-- find out what needs what needs to be patched immediately and stay updated when new patches become available.
  • Have internal resource experts -- employees who multi-task have divided attention.


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
View All

Featured Papers