War...Huh! What is it good for? Absolutely SOMETHING! The question on everybody's mind "When will it end?" is now slowly changing to "How will it end?". A security professional lives more like a life of a soldier fighting at the border, only difference is, the enemies shoot syn packets at our computers which bleeds from their open ports. Once bled, they keep shooting all kinds of probes untill its hacked or all bled out (DoS).

An evident fact in our cyber society is that the "Bad" is always good at keeping the "Good" from letting the "Bad" do bad and the "Good" is always bad at keeping the "Bad" do any worst. Sounds like a tounge twister but you might argue what makes me say that, well take a look at some facts -

  • In just the first half of 2010 Symantec has already created 1.8 million new malicious code signatures and has identified 124 million distinct new malicious programs.
  • In July 2009 just more than 9% of spam e-mails used shortened URLs to disguise the true destinations of included links. In April 2010, however, this number nearly doubled to 18% of spam.
  • Stuxnet, a Trojan horse has by now infected nearly 100,000 computers and seeks to steal SCADA-related documents, such as industrial automation layout design and control files.

If thats not enough, here's a scoop from the McAfee Survey of 900 mid-sized companies on emerging threats.

  • 322% increase in average number of attacks on mid-sized organization in 2009 vs. 2008
  • 56% experienced an increase in security incidents
  • 29% suffered a data breach in the last year
  • 71% believe a serious data breach could put them out of business
  • 40% of data lost in breach is private customer, partner or employee information.
  • 47% of all reported intellectual property losses were from EMEA-based organizations
  • 55% of midsized organizations spend less than 3 hours per week on proactive security

Forrester survey of 305 IT decision makers mentions that the value of corporate secrets are twice as valuable as custodial data. Companies focus mainly on preventing accidents but deliberate theft of information by employees is much more costly. Damage caused by a rouge IT administrator is $482K on an average, however damage caused due to accidental leakage of information is $12K on an average. The survey also says that most CISOs don't really know if their controls really work. So much for hiring Mr. "Good"!!

As the "Good" and the "Bad" vied for advantage, there were many developments on many fronts around the globe. While its difficult to say who will win this game of cyber war between the "Good" and the "Bad", there are at least, some measurements available. One of them, public breach disclosures, fell noticeably in 2009. Organizations that track disclosed breaches like DataLossDB and the Identity Theft Resource Center reported figures that were well off 2008 totals.

Coming back to my previous question on "How will it end?"...Seems like this War is Neverending.

Sources Cited:
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
http://www.forbes.com/2010/08/25/cybersecurity-malware-spam-technology-symantec.html?partner=alerts
http://www.mcafee.com/us/local_content/reports/q22010_threats_report_en.pdf
http://download.microsoft.com/download/F/2/3/F2398E9C-94FE-496C-BFB2-9DEFE1502ABD/Forrester%20TLP%20-%20The%20Value%20of%20Corporate%20Secrets.pdf