Thursday, August 23, 2007

Day One.

I think the little introduction just about says it all. In an effort to stay informed about the risks to my customers I read a lot of stuff over the course of a month. Rather than keep it to myself, I thought this might be a good way to share what I find. Mainly, I want to highlight the risks associated with simply having an on-line presence -- and what business lacks that? Large, high-profile businesses have been aware of the battle taking place on their firewalls and IPSs and servers as they have been the primary battleground. Now, however, medium and small businesses are in the fray as well -- whether they like it or not, and whether they are aware of it or not. Where do you think all those millions of zombies and bots come from? Do the math. Do you think it's possible that there are millions of compromised computers being used for DDoS attacks and none of them reside on the networks of small and medium businesses? HIGHLY unlikely. Education is the key here, friends and customers.

So... let's begin, shall we?

Read this first. From ITSecurity.com, Mafia 2.0: Is the Mob Married to Your Computer? A good summary of the who, what, why, when, and how of the criminal operations that are behind just about every security event today.

http://www.itsecurity.com/features/mafia-2-security-crime-011807/



Dark Reading is a great newsletter and site. You'll find over the course of our relationship that much of what I post comes from there. I'll take no offense if you decide to subscribe to Dark Reading directly and bypass my inane ramblings.

The Six Dirtiest Tricks of 2006 is a classic. This article is worth reading if for nothing else other than the firsthand description of the flash drive experiment. 20 flash drives left around a business... 15 of them inserted into company machines... doesn't matter how good your firewall is in that scenario, does it?

http://www.darkreading.com/document.asp?doc_id=113460



Again from ITSecurity.com: Ransomeware 101. Over 100,000 computers infected with ransomware over the past eight months. The main message: pay us money or we will encrypt your files and close down your operations. Ah, yes, the value of having current backups.

http://www.itsecurity.com/features/ransomeware-101-082107/



From NetworkWorld via CIO Magazine: TJX Pegs Data Breach Tab at $118 Million. At least their sales are up.

http://www.networkworld.com/news/2007/081507-tjx-data-breach-cost.html


From CIO Insight: Security Reconsidered. An interview with George Westerman of MIT, co-author of the new book IT Risk: Turning Business Threats Into Competitive Advantage. Westerman proposes a holistic approach to assessing and mitigating risk. Risk is not just an IT issue, you know, and approaching it in this way can actually provide an advantage in the marketplace.

http://www.cioinsight.com/article2/0,1540,2168713,00.asp



Well, that's a start for now. Let me know what you think.
