Stratfor specializes in “strategic intelligence on global business, economic, security and geopolitical affairs,”

It appears Stratfor failed to encrypt any of its credit card information, despite promises “to maintain safeguards to protect the security of these servers and your personally identifiable information,” according to its privacy policy.”

http://www.scmagazine.com/anonymous-shreds-intelligence-firm-stratfor-in-latest-hack/article/220781/?DCMP=EMC-SCUS_Newswire

I just wonder when will corporations and their executives start being held criminally liable for such egregious security blunders? Until then, there is very little reason for many of them to change….just my two pennies. Sales point is that no one is safe and all should at least entertain a conversation with you about your security solutions, right?

Happy New Year.

The new Verizon report came out this week. Always a favorite, this report highlights insider fraud, breach risks and other useful data. Here are some of my favorite stats:

• 83% of attacks were classified as “opportunistic” meaning the victim was identified because they exhibited a weakness or vulnerability that the attacker could exploit. (pg. 52)
• 74% of breaches in the study take weeks or months to discover (after point of compromise). (pg. 55)
• 30% of fraud is discovered when there is a notification by law enforcement; 6% were reported to the organization by the affected customer or partner. (pg. 59)
• 1/3 of the breaches studied in the report showed evidence of anti-forensics. (pg. 61)
• A recommendation to restrict and monitor privileged users and conducting annual user account reviews were cited among the best ways to prevent or curtail fraud. (pg. 68)

You can find the full 2011 Data Breach Investigations Report here