Child Safety Resources Online

The importance of keeping our children safe online cannot be overstated. The Internet is an amazing resource that can be used to greatly enhance and expand education and learning efforts. Unfortunately, like most things in life, there are inherent risks that go along with using it. Facebook, Twitter, chat, webcams: all of these technologies can be of great benefit if used safely. All of them can also be dangerous if used improperly or without careful thought.

Rather than create another website dedicated to online safety, this post is a pointer to some already created resources:

My hope is to have this be a ‘living post’ that gets updated with new resources periodically. If you are aware of more resources that have Twitter feeds please leave a comment and I will add them to our @ncisocial/kidsafe list. Also, please feel free to submit additional URLs via the comments section as well.

The NCI Blogging Robot

(Updated: May 10, 2011)

(Updated: May 02, 2012 with user submitted links from Valley Book Club)

Data Breaches Cost Companies over $26 Billion in 2011

According to the DataLossDB project, 126,749,634 medical records, bank account numbers, names, and addresses were stolen or accidentally leaked in 871 separate incidents in 2011. That’s an increase of over 37.4% in incidents and of 370% in records compared to 2010. According to research conducted by the Ponemon Institute in 2010, the average cost of a data breach was roughly $209 per compromised record. That brings the price tag for 2011 to over $26 billion. The following is an analysis of the incidents:

Types of Breaches

Hacking – deliberately breaking into computers – became the most common means of breach last year.

Top Incidents

  • RSA
    The security division of data storage firm EMC was hit by a hack that compromised their popular SecurID cryptographic keys, forcing them to offer replacements to their clients.  The stolen information was later used in an attack on defense giant Lockheed Martin.  RSA has provided a useful working definition of the term advanced persistent threats, or APTs, as “military-grade cyber-attacks on commercial entities”.  In the face of APTs, businesses need a new defense doctrine, which is under discussion by an increasing number of corporate chief information security officers.
  • Texas Comptroller
    A server mistakenly left open to the public contained the Social Security Numbers of 3.5 million teachers and other state employees.  No hacking was necessary to access this server.
  • Sony
    In nine different incidents, the conglomerate lost names, addresses, and credit card and bank account numbers as hackers pillaged its online game, music, and movie divisions.  Hackers made off with 77 million names, e-mail addresses, and passwords after breaching Sony’s PlayStation network.  The Sony breaches followed several similar data breaches by online service suppliers such as Play.com and Lush, so what effect are they likely to have on the online services industry?
  • SK Communications
    A complex attack on the Internet company netted the personal information of 35 million South Korean users.  That’s in a country of 50 million people.
  • SAIC
    A few of the defense contractor’s backup tapes were stolen out of an employee’s car.  The tapes contained the medical records of more than 5 million military patients.
  • Sutter Medical Foundation
    A stolen laptop from the health-care provider contained 3.3 million names and other identifying information, along with 943,000 patient diagnoses.  This incident brought on a class action suit, alleging negligence in securing data.

Incidents by Business Type

Cybersecurity was one of the top buzzwords for 2011 as commercial organizations increasingly found themselves up against advanced and persistent attacks to the degree previously seen only in military organizations.  Information security has moved up in the agendas of most corporations and other businesses, but government too is placing increasing emphasis on the topic, backing national cybersecurity efforts with dedicated budgets.

Incidents by Offending Party

While more and more companies are becoming aware of the problem, few have taken action.  As the above analysis demonstrates, the need to take action has never been so persuasive.

To learn how to protect your organization, download our complimentary Executive Guide to Data Security.

 

Despite what you may think, IT security “is” your business

Many executives feel that IT security is only an issue for the IT department. The problem is that IT security is a bigger issue than just your IT department. Every day your company faces viruses, lost devices, stolen data, and intellectual property walking away with recently dismissed or disgruntled employees. According to the DataLossDB project, 126,749,634 medical records, bank account numbers, names, and addresses were stolen or accidentally leaked in 871 separate incidents in 2011, costing companies an estimated $26 billion. Now you might say, “We aren't in the business of IT or security. We make widgets. We maximize investor returns by buying, selling, and trading subsidiaries to create wealth.” The fact is that, today, ignoring IT security is clearly risky for any organization. As reported in Forbes magazine on January 2, 2012, “If data loss continues on its current trends, it will cost the U.S. economy $290 billion by 2018.” As most cases go unreported, check out the cases that made headlines in 2011:

  • RSA
    The security division of data storage firm EMC was hit by a hack that compromised their popular SecurID cryptographic keys, forcing them to offer replacements to their clients.  The stolen information was later used in an attack on defense giant Lockheed Martin.  RSA has provided a useful working definition of the term advanced persistent threats, or APTs, as “military-grade cyber-attacks on commercial entities.”  In the face of APTs, businesses need a new defense doctrine, which is under discussion by an increasing number of corporate chief information security officers.
  • Texas Comptroller
    A server mistakenly left open to the public contained the Social Security Numbers of 3.5 million teachers and other state employees.  No hacking was necessary to access this server.
  • Sony
    In nine different incidents, the conglomerate lost names, addresses, and credit card and bank account numbers as hackers pillaged its online game, music, and movie divisions.  Hackers made off with 77 million names, e-mail addresses, and passwords after breaching Sony’s PlayStation network.  The Sony breaches followed several similar data breaches by online service suppliers such as Play.com and Lush, so what effects are they likely to have on the online services industry?
  • SK Communications
    A complex attack on the Internet company netted the personal information of 35 million South Korean users.  That’s in a country of 50 million people.
  • SAIC
    A few of the defense contractor’s backup tapes were stolen out of an employee’s car.  The tapes contained the medical records of more than 5 million military patients.
  • Sutter Medical Foundation
    A stolen laptop from the health-care provider contained 3.3 million names and other identifying information, along with 943,000 patient diagnoses.  This incident brought on a class action suit, alleging negligence in securing data.

Can you afford to have your company on this list?  I did not think so.  All of us have a role to play in a more secure internet, and it is clear we have a problem and need to get on with fixing the issues as quickly as possible.  If your company has customer information, takes credit cards, or has computers that use passwords, then IT security is in fact your business.

 

 

It's More Than Just a Partner Conference

I’m happy to announce that I will be attending the 2012 Aruba Partner Summit from March 19th to March 21st in Las Vegas. I’ve never attended an Aruba partner conference before, but the impression I get is that this will be more than just another partner conference.

When I think of a typical partner conference, I envision a few speeches from CEOs and founders, maybe a hand-off demo or two, and possibly some whiz-bang-hey-look-how-awesome-we-are case study reviews. Boring. This will not be the case at the Aruba Partner Summit; just take a look at the agenda. The summit will have quite a few sales and technical information sessions to help get people exposed to the entire solution line-up.

Personally, I’m looking forward to the following two sessions: 

  • Designing Wi-Fi Networks for High Density Environments
  • Overcoming Challenges in Outdoor Wireless

While these are the two sessions I’m looking forward to the most, I will be attending all of the technical sessions. I’ll try to post some updates during and after the summit to share what I can. Be sure to check back in a few weeks to get my thoughts on the summit and the future of wireless networking as Aruba sees it. 

Daniel

If you're interested in discussing any of the agenda items after the summit, please feel free to contact me. I'm always excited to sit and talk wireless with anyone who is interested in the technology.

Wireless UI Walkthroughs

Recently I created two wireless vendor UI walkthroughs and thought they would be worth sharing with the NCI crowd.

The first walkthrough is of the Meraki Systems Manager. This feature is built into the Meraki Enterprise Cloud Controller and offers a fairly extensive set of MDM features to Meraki customers at no extra cost.


The second walkthrough is of the Aruba Instant Virtual Controller UI. The Instant architecture does away with hardware controllers and feature licensing, and even simplifies the administrative experience.


I hope you find the videos interesting. As always, if you have any questions, or would like a live demonstration please do not hesitate to contact us.

Daniel

Bonus Marks: Did you spot the hidden surprise in one of the videos?

by Dan C. & Aniko