The results of the investigation into the recent DigiNotar SSL CA breach read like a laundry list of “Things Not To Do™” on your critical servers and networks: no antivirus, no centralized logging, and outdated/vulnerable software exposed to the Internet, among other items. What’s funny about the above list is that if the breached systems had been part of DigiNotar’s PCI cardholder data environment, DigiNotar could never have passed a PCI QSA audit, as all three items I noted above are required by the PCI DSS. While I couldn’t verify that DigiNotar accepts credit card payments for its SSL certificates, it almost assuredly does (or did!). It almost certainly had undergone a PCI QSA audit, too.
With the current US economic downturn, cyber crime is increasing at an alarming rate. Let’s face it – data loss can quickly become a public relations nightmare for any business. Solid Core conducted a survey [solidcore.com] of 201 IT and compliance professionals and found that more than half of the respondents admitted their organization had either experienced a compliance control deficiency in the last year or did not know whether it had.
The Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center, released the 2008 Annual Report on the number of Internet crime complaints received. This report [ic3.gov] was made available on March 31, 2009.
The 2008 Annual Report states that complaints of online crime hit a record high in 2008. The Internet Crime Complaint Center received a total of 275,284 complaints, a 33.1% increase over the previous year. The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007. The average individual loss was roughly $931.
Now more than ever, it’s critical for everyone to do their part and be vigilant when it comes to network and enterprise security. Still, with the recent gains in the stock market, I’m hopeful this trend will turn around.