Cyber-Crimes Not Just Impacting a Few Companies

About 431 million adults in 24 countries experienced a cyber-crime last year, according to metrics collected by the Security Innovation Network.

Eighty-five percent of all companies in the United Kingdom and the United States have had at least one data breach, according to SINET. Chances are pretty high that a company that you work with will experience this.

SINET reported that the Internet is inundated with more than 30,000 new virus-infected pages daily. Better check to see if the security in your own devices is up-to-date.

More than $60 billion was spent worldwide on cyber-security in 2011. The U.S. federal government spent $9 billion of that total in 2011 and is expected to spend $14 billion yearly by 2016—despite expected cutbacks in the federal budget. That computes to a 9 percent per-annum growth, versus 2 percent for the overall IT market. It is a high priority among IT decision makers.

SINET panel speaker Ernie Hayden, managing principal of energy security with Verizon’s global energy and utilities division, shared this nightmare-inducing factoid: “Ninety-seven percent of all [electrical] circuit miles wired in the U.S. are not covered by any cyber-security standards.” Does the term “sieve” come to mind?

Everyone knows about the continuing data explosion. It was estimated that the world consisted of 5 exabytes of digital data in 2001, and that has expanded to a whopping 281 exabytes in 2009. That’s a 56X expansion in that time span, and it’s accelerating.

The so-called “Internet of Things,” term to describe the preponderance of connected endpoint devices, is projected to total more than 50 billion connected devices by 2025. It was estimated at 2.5 billion in 2011. At last guess, there were just over 7 billion people inhabiting the Earth, according to the U.S. Census Bureau. http://www.census.gov/main/www/popclock.html

Add to the mix smart meters in every household, and “every endpoint is a new potential threat vector,” according to panel speaker Doug Powell, manager, SMI Security, Privacy & Safety, for Canadian utility BC Hydro.

Certain agencies of the U.S. government—namely the classified sector (NSA, FBI, CIA and the military)—are often early adopters at the forefront of IT threat, challenge and innovation vectors. However, according to Debora Plunkett, information assurance director of the National Security Agency, you will never see those agencies embracing the “bring your own device” trend that an increasing number of enterprises are adopting. If you work for one of those sectors, you will use a company device for work—period. Security reasons are fairly obvious.

From Joe Sullivan, chief security officer for Facebook: “Too many security professionals have evolved into compliance professionals. A good IT security professional understands coding and the technology, but also usability and design. Too many of the products we see have one or the other, or neither, because they are focused on: ‘We are a compliance solution.’ Compliance standards exist to tell us what we need to do to manage risk. But if the compliance standards were so good, then we wouldn’t have had all these breach stories of the last few years.”