
Friday, December 2, 2011

Social Media: Listening and Online Reputation Monitoring 2011 report

Today marks the publication of Econsultancy's 2012 Online Reputation and Buzz Monitoring Buyer's Guide, containing profiles of 15 leading vendors and advice for companies trying to choose a tool and to get the most from the technology. 

The report follows separate research we published in November which shows that an increasing number of companies are paying for reputation monitoring software.

According to the State of Social Report, published in association with LBi and bigmouthmedia, the proportion of companies using paid-for technology for reputation monitoring increased from 16% in 2010 to 25% in 2011, including 17% who also use free tools for social listening.



Wednesday, July 28, 2010

The annual data breach report issued by the Verizon Business RISK team

Here it is again: the annual data breach report issued by the Verizon Business RISK team, which is consistently so chock full of hype-slaying, useful data and conclusions that it is often hard to know what not to write about.

Once again, some of the best stuff is buried deep in this year’s report and is likely to be missed in the mainstream coverage. But let’s get the headline-grabbing findings out of the way first:


  • Verizon’s report on 2009 breaches for the first time includes data from the U.S. Secret Service. Yet, the report tracks a sharp decline in the total number of compromised records (143 million compromised records vs. 285 million in 2008).

  • 85 percent of records last year were compromised by organised criminal groups (this is virtually unchanged from the previous report).

  • 94 percent of compromised records were the result of breaches at companies in the financial services industry.

  • 45 percent of breaches were from external sources only, while 27 percent were solely perpetrated from the inside by trusted employees.

Among the most counter-intuitive findings in the report?
There wasn’t a single confirmed intrusion that exploited a patchable vulnerability. Rather, 85 percent of the breaches involved common configuration errors or weaknesses that led to things like SQL database injection attacks, and did not require the exploitation of a flaw that could be fixed with a software patch.

In most cases, the breaches were caused by the type of weaknesses that could be picked up by a free Web vulnerability scanner:

“Organisations exert a great deal of effort around the testing and deployment of patches — and well they should. Vulnerability management is a critical aspect of any security program.

However, based on evidence collected over the last six years, we have to wonder if we’re going about it in the most efficient and effective manner.

Many organisations treat patching as if it were all they had to do to be secure. We’ve observed multiple companies that were hell-bent on getting patch X deployed by week’s end but hadn’t even glanced at their log files in months.”

To read the full article click on the link: Krebs on Security

To read the full Verizon 2010 Report click here: Verizon Report

Monday, November 30, 2009

McAfee report: Cybercrime is the new cyberwar zone

Organised Internet-based crime has reached such intensity and scale that the distinction between cybercrime and cyberwar is being blurred, security giant McAfee said in its annual Virtual Criminology Report.

McAfee Inc., based in Santa Clara, Calif., is the world's largest dedicated security technology company. The report's findings come less than a month after the United States ran a nationwide campaign to raise awareness of cybercrime risks among individuals and businesses.

"Is the age of cyberwar at hand?" McAfee asked in the report, citing evidence that countries hostile to industrial democracies are involved in some of the more serious and sustained cybercrime. In response, McAfee said, "nation-states are arming themselves for the cyberspace battlefield."

The number of reports of cyberattacks and network infiltrations that appear to be linked to nation-states and political goals continues to increase, McAfee said.

"There is active debate as to when a cyberattack reaches the threshold of damage and disruption to warrant being categorized as cyberwarfare," said the report.

"With critical infrastructure as likely targets of cyberattacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire," the report warned.

McAfee CEO Dave DeWalt said, "Experts disagree about the use of the term 'cyberwar,' and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyberwar, there is little disagreement that there are increasing numbers of cyberattacks that more closely resemble political conflict than crime.

"We have also seen evidence that nations around the world are ramping up their capabilities in cyberspace, in what some have referred to as a cyber arms race.

"If cyberspace becomes the next battleground, what are the implications for the global economy and vital citizen services that rely upon the information infrastructure?" DeWalt asked. "What should those of us outside the military do to prepare for the next wave of cyberattacks?"

McAfee believes the private sector at large needs to prepare for cyberattacks, and "those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share."

McAfee also called for greater transparency in current discussions on combating cybercrime. The report said, "Too much of the debate on policies related to cyberwar is happening behind closed doors."

Analysts said although the Obama administration rectified this by bringing the cybercrime debate into the open, many other countries in the industrialized world still insist on confidentiality over the issue.

Industry sources believe criminal organizations have built alliances with adversarial governments that seek to achieve military or political advantage over democracies in the West, Asia, Latin America and elsewhere.

So intense is the interaction between cybercriminality and hostile governments that the distinction between cybercrime and cyberwar is increasingly blurred.

"The line between cybercrime and cyberwar is blurred today in large part because some nation-states see criminal organizations as useful allies. Nation-states have demonstrated that they are willing to tolerate, encourage or even direct criminal organizations and private citizens to attack enemy targets."

In the case of the cyberattacks on Georgia, for example, civilians carried out the cyberattacks on targets while the Russian military invaded Georgia by land and air in August 2008. There is evidence that these civilians were aided and supported by Russian organized crime, as cited in a report by the U.S. Cyber Consequences Unit, an independent research institute.

Russia denied that its government or military provided any help to the attackers or communicated with them. Yet the same US-CCU report found that "the cyberattacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyberattackers," McAfee said.

In a sobering conclusion, McAfee said, "While experts may disagree on the definition of cyberwar, there is significant evidence that nations around the world are developing, testing and in some cases using or encouraging cyber means as a method of obtaining political gain."

Although much of that activity is shrouded in secrecy, "there is already a constant, low level of conflict occurring in cyberspace. Whether these attacks are labeled as cyber espionage, cyber activism, cyber conflict or cyberwar, they represent emerging threats in cyberspace that exist outside the realm of cybercrime."

The report said "international cyber conflict has reached the tipping point where it is no longer just a theory, but a significant threat that nations are already wrestling with behind closed doors. The impact of a cyberwar is almost certain to extend far beyond military networks and touch the globally connected information and communications technology infrastructure upon which so many facets of modern society rely.

"With so much at stake, it is time to open the debate on the many issues surrounding cyber warfare to the global community," said the report.