In an effort to make sure that those of us not attending the fun in Vegas are left out, a number of interesting security-related reports have been released in the past week or so. In all, the reports include a lot of data to be digested, but the takeaways from these seem to be:
- Web App Security needs some work
- Privileged users can be dangerous
- Organizations need to know what data they have and where
- The information is in the logs, but no one is looking
- Egress filtering is important
- Malware is getting more sophisticated and customized
None of this is really news to infosec pros, but it may provide some fodder when explaining needs to management, as the reports contain hard numbers (and pretty graphs).
Here are some of the most recent reports:
Verizon 2010 Data Breach Investigations Report (DBIR)
The big news here is that the DBIR now includes data from the U.S. Secret Service, giving the folks at Verizon more data to work with. The report is very well put together and does a great job of presenting the data it contains, including pointing out where the new influx of data from the Secret Service has impacted the data, making trends appear different than they have in past DBIRs. The report is available here.
Akamai State of the Internet Q1 2010
Akamai’s large global network certainly allows them to see a lot of traffic, both normal and malicious. Only the second section of the report deals directly with security, but the rest still makes interesting reading. In addition to attack traffic data, the report also contains information on global connection speeds, US connection speeds and mobile connection speeds. The report is available here (registration required).
Ponemon/ArcSight Cost of Cyber Crime Study
This study was sponsored by ArcSight, so there is a good amount of mention of SIEM systems and their benefits. The study still contains some interesting data on how much incidents can actually cost organizations (before, during and after an incident), with good information about the methodology used to arrive at the figures presented. The report is available here (registration required).
Digital Forensics Association “The Leaking Vault”
“The Leaking Vault” takes 5 years of data breach information from many different sources, including FOIA requests, the Open Security Foundation, the Privacy Rights Clearinghouse, Sound Assurance, and the Identity Theft Resource Center. The result is a large amount of data which is sliced and presented in many different ways, providing some interesting insight into data breach notification (and, in some cases, its failures). The report is available here.
Cisco 2010 Midyear Security Report
The Cisco 2010 Midyear Security Report is less numbers-focused than the reports listed above, but still interesting. The report is more focused on the changes in enterprises today and how those changes will impact security needs. This includes Mobile Devices, Virtualization and Cloud Computing, Social Media, and Government regulations. The report also includes information on worldwide spam volume. As an added bonus, the report also includes “The Artichoke of Attack” (page 21), which is by far my favorite graphic from any of these reports. The report is available here.