<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">In this issue:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. The Cost of a Data Breach in the US</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. Spam Botnet Takedown</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">-------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. The Cost of a Data Breach in the US</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">-------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">A study conducted by the Ponemon Institute on behalf of Symantec (a security software company), shows that the average organizational cost of a data breach increased to $7.2 million and cost US companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The study is based on the actual data breach experiences of 51 US companies from 15 different industry sectors. For the fifth year in a row, data breach costs have continued to rise (except, notably, in the Education sector, where costs fell from $203 per record in 2009 to $112 in 2010.) </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The costs are applicable to organizations that experience large data breaches (between 1000 and 100,000 compromised records). Included in the business costs are expense outlays for detection, escalation, notification, and after-the-fact response. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The study also analyzes the impact of lost or diminished customer trust and confidence as measured by customer turnover rates. As could be expected, companies who have larger numbers of records breached, pay more per record because of the higher than normal turnover of customers.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Causes of data breaches: malicious or criminal attacks led to 31% of breaches, systems failures were around 27% and negligence around 41%. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">You can learn more about the study or download a copy of the report here:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">---------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. Spam Botnet Takedown</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">---------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Global spam volumes dropped by a third following the takedown of the infamous Rustock botnet last month, according to MessageLabs.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The takedown occurred on March 17, and junk mail decreased to around 33 billion emails a day, compared to an average of 52 billion a day the previous week.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">However, other botnets have since stepped in to fill the spam void. Bagle has already taken over from Rustock as the single biggest source of junk mail.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Microsoft is attempting to hunt down the Rustock botnet controllers, by posting the date, time and location of an upcoming court hearing, where defendants will have an opportunity to be heard, on their Web site and to one or more major Russian newspapers. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">"We will have to send out a notice to the individual or group of individuals we believe is behind the bot," Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, said. As Krebsonsecurity.com blogger Brian Krebs noted, "It will be interesting to see who, if anyone, responds to Microsoft notices, and whether the veil of anonymity will be lifted from the pseudonyms of botmasters, spammers and account holders."</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read the story in full here:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><http://krebsonsecurity.com/2011/03/microsoft-hunting-rustock-controllers/></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===========================================================================================</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">To read all current and archived articles online, visit the Security-FYI Blog at <<a href="http://securityfyi.wordpress.com/"><span style="text-decoration: underline ; color: #3369b5">http://securityfyi.wordpress.com/</span></a>></p></div><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-family: Helvetica; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><div style="font-size: 12px; "><br></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">Monique Yeaton</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">IT Security Awareness Consultant</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">(617) 253-2715</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">http://ist.mit.edu/security</span></span></span></span></span></span></div><div style="font-size: 12px; "><br class="khtml-block-placeholder"></div><br class="Apple-interchange-newline"></span></span></span></span></span></span></span></div></div></div></div></body></html>