[IS&T Security-FYI] SFYI Newsletter, April 4, 2011

Monique Yeaton myeaton at MIT.EDU
Mon Apr 4 15:27:45 EDT 2011


In this issue:


1. The Cost of a Data Breach in the US

2. Spam Botnet Takedown



-------------------------------------------------

1. The Cost of a Data Breach in the US

-------------------------------------------------


A study conducted by the Ponemon Institute on behalf of Symantec (a security software company) shows that the average organizational cost of a data breach increased to $7.2 million and cost US companies an average of $214 per compromised record, markedly higher than the $204 per record in 2009.


The study is based on the actual data breach experiences of 51 US companies from 15 different industry sectors. For the fifth year in a row, data breach costs have continued to rise (except, notably, in the Education sector, where costs fell from $203 per record in 2009 to $112 in 2010).


The costs are applicable to organizations that experience large data breaches (between 1000 and 100,000 compromised records). Included in the business costs are expense outlays for detection, escalation, notification, and after-the-fact response.


The study also analyzes the impact of lost or diminished customer trust and confidence as measured by customer turnover rates. As could be expected, companies that have larger numbers of records breached pay more per record because of the higher-than-normal turnover of customers.


Causes of data breaches: malicious or criminal attacks led to 31% of breaches, systems failures were around 27% and negligence around 41%.


You can learn more about the study or download a copy of the report here:

<http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon>



---------------------------------

2. Spam Botnet Takedown

---------------------------------


Global spam volumes dropped by a third following the takedown of the infamous Rustock botnet last month, according to MessageLabs.


The takedown occurred on March 17, and junk mail decreased to around 33 billion emails a day, compared to an average of 52 billion a day the previous week.


However, other botnets have since stepped in to fill the spam void. Bagle has already taken over from Rustock as the single biggest source of junk mail.


Microsoft is attempting to hunt down the Rustock botnet controllers by posting the date, time and location of an upcoming court hearing, where defendants will have an opportunity to be heard, on its Web site and in one or more major Russian newspapers.


"We will have to send out a notice to the individual or group of individuals we believe is behind the bot," Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, said. As Krebsonsecurity.com blogger Brian Krebs noted, "It will be interesting to see who, if anyone, responds to Microsoft notices, and whether the veil of anonymity will be lifted from the pseudonyms of botmasters, spammers and account holders."


Read the story in full here:

<http://krebsonsecurity.com/2011/03/microsoft-hunting-rustock-controllers/>



===========================================================================================


To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

