Monthly Archives: November 2015

The True Cost of Poor Cybersecurity

It might be the oldest attitude in the books: “It won’t happen to me.” Or, “I’ll take care of it later.” But there is a reality that can be costly to businesses, even to the point of taking a business offline or out of commission for good. We’re talking about cyberattacks. They can happen to anyone, anytime. The cost? —Six figures? Seven figures? Ten figures? Depending on the size of the business, any one of these amounts is possible. Take a look at our infographic to explore the true cost of poor cybersecurity.


THE TRUE COST OF POOR CYBERSECURITY: The 5 Worst Data Breaches and Most Costly Viruses
Everyone thinks it always happens to someone else and they are safe from a cyberattack. The companies and individuals on our countdown certainly thought that. Cyberattacks can happen to anyone at anytime.   Whether it is hackers or self-replicating viruses, poor cybersecurity can end up costing you a lot.

5 Worst Data Breaches
#1 American Business Hack
Year: 2005–2012
Records Lost: 160 million
A hacking ring from Russia and Ukraine targeted banks, retail chain stores and payment processors, stealing more than 160 million credit and debit card numbers and more than 800,000 bank account numbers.
#2 eBay
Year: 2014
Records Lost: 145 million
No credit card information was compromised; however, hackers stole customer names, addresses, date of birth, and other personal information. Password information was also compromised. The online auction house simply asked customers to change their passwords immediately.
#3 Heartland Payment Systems
Year: 2006–2008
Records Lost: 130 million
Heartland, one of the world’s largest payment processing companies, was hacked using malware, resulting in the loss of credit and debit card numbers. The mastermind behind the crime was given a 20-year jail sentence, the longest handed down for a computer crime. Heartland ended up paying credit card companies $100 million in claims settlement related to the breach.
#4 TJX
Year: 2003
Records Lost: 94 million
The parent company to stores like T. J. Maxx and Marshalls has said hackers took credit and debit card numbers, and in some instances entire customer identities were stolen, including driver license numbers. The breach ended up costing TJX $256 million and was masterminded by the same person who was in charge of the #3 Heartland hack on the countdown.
#5 Anthem
Year: 2015
Records Lost: 80 million
Names, Social Security numbers, and other sensitive information ideal for identity theft were taken from the second largest health insurance company in America. The hack was said to have originated in China.
5 Most Costly Viruses
#1 MYDOOM
Year: 2004
PCs Infected: 2 Million
Damages: $38,000,000,000
MyDoom was a worm spread through e-mail. 1 in 4 e-mails carried the virus at one time. Mydom was a line in the program’s code (mydomain) and thus, after adding an “o”, it was named.
#2 SOBIG.F
Year: 2003
PCs Infected: 2 Million
Damages: $37,100,000,000
Self-replicating worm spread through e-mail.
#3 ILOVEYOU
Year: 2000
PCs Infected: 500,000 (That’s about 10% of the world’s computers at the time)
Malicious program hidden in an email attachment. ILOVEYOU was the first virus that attached itself to an e-mail.
#4 CONFICKER
Year: 2007
PCs Infected: 12 Million
Damages: $9,100,000,000
Confliker was a worm that scanned computers for weaknesses, logged keystrokes and downloaded code from hacker websites. This virus is still active and as of August 2015, is still infecting about 1 million computers worldwide.
#5 CODE RED
Year: 2001
PCs Infected: 1 Million
Damages: $2,600,000,000
Code Red was a worm that exploited an OS vulnerability, actively looking for other machines to attack. It took down and defaced websites, most notably whitehouse.gov. It was nicknamed Code Red because the pair who discovered the virus were drinking Mountain Dew Code Red at the time of discovery.
35% of businesses have lost data due to flawed IT security. Don’t be caught unprepared. Let Mozy help you manage your cloud security needs.
Visit http://mozy.com/product/features/military-grade-security to learn more about how Mozy can keep your data safe and secure.
Source:
http://www.kaspersky.com/about/news/virus/2013/35_of_businesses_have_lost_data_due_to_flawed_IT_security
https://www.washingtonpost.com/news/the-switch/wp/2015/02/27/security-firm-finds-link-between-china-and-anthem-hack/
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches
http://www.huffingtonpost.com/entry/biggest-worst-data-breaches-hacks_55d4b5a5e4b07addcb44fd9e
http://www.tomsguide.com/us/biggest-data-breaches,news-19083.html
http://www.cio.com/article/2399262/data-breach/the-15-worst-data-security-breaches-of-the-21st-century.html?page=2
http://computer.howstuffworks.com/worst-computer-viruses.htm#page=4
http://uk.norton.com/top-5-viruses/promo
http://www.hongkiat.com/blog/famous-malicious-computer-viruses/
http://www.investopedia.com/financial-edge/0512/10-of-the-most-costly-computer-viruses-of-all-time.aspx
http://www.computerworld.com/article/2956312/malware-vulnerabilities/remember-conficker-its-still-around.html

We want your feedback! Really! (And you might win a prize)

Every now and then we all need help with the software. So what do you do? You contact support! As a Mozy customer, we hope that whenever you have a question about the Mozy service that you don’t hesitate to get in touch with us. It’s our job to help you resolve any issue with the Mozy backup software.

Because we want to do our job to the best of our abilities and because we want your experience with Mozy Support to be a pleasant one, we’re inviting you to let us know of your recent experiences with Mozy Support. What feedback do you have from a recent Mozy Support Portal experience? For example:

•  How did everything go?
•  Are there areas where we can improve?
•  If you could change the way we handled your case, what would that be?

By providing us with constructive feedback on your support experience, not only will you be helping us make improvements to the Portal, you will be helping other Mozy customers who reach out to us in the future with a similar issue. And you just might win a fabulous prize. Wait! Did someone say prize? Yes, we did!

How can you win a prize? Simply send us your ideas for a chance to win. It’s that easy. Do you want to learn more? Are you ready to submit your idea? Maybe you just want us to cut to the chase and tell you what the prizes are? For answers to all of these questions and more, click here.

 

Securing Your Data in the Cloud

In the late ‘90s when consumer Internet was relatively new, there was a controversy swirling around online commerce: is it safe to use your credit card online? Fast forward to today. Online commerce is ubiquitous, and one of the largest credit card breaches recently occurred in Target’s brick and mortar stores. Now with enterprise cloud computing, there’s another controversy swirling: is it safe to store your data in the cloud? As a provider of EMC cloud services—including Mozy and Spanning—and in working to tier our on-premises storage products to an EMC object service, I’m often asked this question. The answer depends upon the level of security deployed by the cloud service. Just as online commerce sites vary in their level of sophistication, so do cloud services when it comes to security features, operations, and compliance.

By federating identity and authentication with employees’ corporate authentication service, IT can make access to these services more convenient and more secure. Revoking a former employee’s corporate credentials also revokes access to the associated cloud service. Data should be encrypted in transit and at rest, and customers should have an option to either use encryption keys provided by the cloud service or apply their own corporate encryption keys. To validate that the data arriving in the cloud is exactly the same as from the point of origin, the service should apply a payload integrity validation check, which safeguards against either accidental or intended corruption in transit. And a solid role-based access schema will ensure authorized users can only perform the duties for which they are intended, reserving privileged/administrative rights to the few, while allowing capabilities such as simple reads and writes to the many. Finally, to respect data sovereignty laws, the service should provide geographical data residency options.

Now that the right data has landed in the right place, let’s review the data center operations to make sure it stays that way! Physical access must be strictly controlled on building and cage entrances by professional security staff utilizing video surveillance, alarm systems, and other electronic means, while legitimate access is granted through two-factor authorizations (for example, passcode and fingerprint) and strictly enforced visitor policies. But even more important is cyber hardening of the perimeter, hosts, and applications. Even one security hole in the perimeter could be exploited to gain access through the intended boundary, allowing access to the high-value servers and data within the product environment. In this sense, an ounce of prevention goes further than a pound of cure. Steps like ongoing vulnerability monitoring (especially critical zero-day vulnerabilities) and solid patching practices are essential. Add to that a practice of gold image creation and maintenance that contains all necessary configurations to ensure the hosts are configured securely; for instance, all unnecessary services are turned off at install. Access management is also crucial, and increased security measures for legitimate administrators, such as two-factor authentication with one-time passwords like with RSA’s Secure ID capabilities, go a long way in preventing brute force password hacks.

The next step in prevention is early detection. While the expectation of a perfectly hardened environment is a noble one, in reality, active monitoring provides an ideal air cushion in the event a flaw is exploited somewhere along the way. Tools such as RSA Security Analytics provide alerts from both unexpected log activity and indicators of compromise within the active network traffic flow, while ensuring log and network capture data is maintained in an unalterable state for future investigations and forensic needs. And in case the worst happens, the service needs a trained incident response and containment team available 24/7.

How does one know that a service is taking these measures? That’s where it can be helpful to have a thorough attestation of the level of security provided. There are self-certification attestations, such as assuming responsibility as a Business Associate under HIPAA, and there are independently certified attestations, such as SOC I or 2 Type 2, ISO 27001:2013, just to name a few. In addition, some services employ security professionals to help address customer-specific inquiries and reviews.

When it comes to security there are no absolutes, but with the right security features, operations and compliance in place, a cloud service can provide the same or better protection than on-premises data protection options. After all, corporate IT environments are also susceptible to attacks, and most of them are not held to the same standards or external reviews described here.

Data on the Horizons…and Horizon

It’s getting closer to that time of the year when we start reading about the biggest events that transpired during the past 12 months. Sure, we haven’t entered the month of December yet, but holiday lights and decorations are on the shelves, so why not talk about one of the biggest events and its associated data even before 2015 ends?

Although NASA’s New Horizons spacecraft was launched January 19, 2006, it qualifies as one of the biggest events of 2015. That’s because its six-month flyby of Pluto didn’t occur until July 14 of this year. That’s not surprising, considering that Pluto is 2.66 billion miles away from Earth (when the two planets are closest). That’s a long, loooong way away. To help put things in perspective, the Earth’s moon is 238,900 away. Pluto is 11,000 times further away from us!

Just how important is the New Horizons mission? The National Academy of Sciences has ranked this space mission as the highest priority for solar system exploration. Its purpose is to understand where Pluto and its moons fit in with the other objects in our solar system, according to NASA.

Even though New Horizons didn’t do its flyby of Pluto until this year doesn’t mean important science wasn’t happening before then. About a year after its launch in February 2007, New Horizons did a flyby of Jupiter, gathering all sorts of important data, including about the planet’s great storm systems and why they change colors. And from the start of its mission, the New Horizons spacecraft began collecting and storing data on its two 32-gigabit (“bit” not “byte”) hard drives.

About two months after New Horizons passed Pluto and its moons, the mission team back on Earth began downloading the tens of gigabits the spacecraft collected and stored on its digital recorders. The download, which started in September, will take about 16 months to complete. That’s because even though the radio signals that contain the data are moving at light speed, it takes 4 ½ hours to reach the Earth.

When you’re talking about 4 ½ hours, you’re talking about a lot of time, at least by Earth’s standards, especially if you’re talking download time. 4 ½ hours…270 minutes. That’s no New York minute! You can watch a couple of movies in 4 ½ hours. With the New Horizons transmitting at 1 KB per second, it kind of makes it hard to complain about today’s high-speed Internet speeds, even when they’re slow. If it took that long to download your favorite movie, you might break out the Scrabble board instead. Or if you’re patient, your Friday data night might actually work its way into Saturday, which might not be a bad thing, depending on how well you’re getting along with your date.

With the new year just around the corner, now is as good a time as any to look back at all of the big events of 2015 and consider how much we rely on technology, and how easy—and fast!—it is to download, access, store, forward, and receive the data that makes our world go around. With the ever-increasing speed at which we’re creating data these days, you can only wonder what’s on the horizon.

You proved that haiku can be scary!

Your haikus scared the “h” out of “gost,” so now we can deliver the prizes!

We are pleased to announce the winners of our 5th Annual Mozy Frightful Computer Haiku Contest. You, dear customers, made us proud by putting the chupa back in chupacabra. We’re not going to lie to you: There were so many wonderful submissions this year that we didn’t think we had a gost (remember, the “h” ran off) of a chance to select just three winners. So many great haikus, but only three prizes to award. After much wailing and gnashing of teeth, we selected our winners:

Winner:
Data left for dead,
Noose around its neck? …Mozy
Won’t leave you hangin’!
—M. Neal

Winner:
Late at night he comes
The Grim Reaper and his scythe
Ach! My head is gone!
—Marci Humphreys

Winner:
Zombies and vampires
are nothing when compared to
running out of treats!
—CIMHsv

Congratulations! Each of our winners will receive a $50 gift card. (Winners, please email us at stories@mozy.com and please include your name and mailing address.)

We understand that some of you may be disappointed that you didn’t win, but there’s always next year. So check back with us next October. In the meantime, enjoy your Halloween candy and practice writing haikus.

Back up with Mozy
Even if you didn’t win
There’s always next year

Continue to back up your files with Mozy. Anything less would be scary. Be safe.