The True Cost of Poor Cybersecurity

It might be the oldest attitude in the books: “It won’t happen to me.” Or, “I’ll take care of it later.” But there is a reality that can be costly to businesses, even to the point of taking a business offline or out of commission for good. We’re talking about cyberattacks. They can happen to anyone, anytime. The cost? —Six figures? Seven figures? Ten figures? Depending on the size of the business, any one of these amounts is possible. Take a look at our infographic to explore the true cost of poor cybersecurity.

THE TRUE COST OF POOR CYBERSECURITY: The 5 Worst Data Breaches and Most Costly Viruses
Everyone thinks it always happens to someone else and they are safe from a cyberattack. The companies and individuals on our countdown certainly thought that. Cyberattacks can happen to anyone at anytime.   Whether it is hackers or self-replicating viruses, poor cybersecurity can end up costing you a lot.

5 Worst Data Breaches
#1 American Business Hack
Year: 2005–2012
Records Lost: 160 million
A hacking ring from Russia and Ukraine targeted banks, retail chain stores and payment processors, stealing more than 160 million credit and debit card numbers and more than 800,000 bank account numbers.
#2 eBay
Year: 2014
Records Lost: 145 million
No credit card information was compromised; however, hackers stole customer names, addresses, date of birth, and other personal information. Password information was also compromised. The online auction house simply asked customers to change their passwords immediately.
#3 Heartland Payment Systems
Year: 2006–2008
Records Lost: 130 million
Heartland, one of the world’s largest payment processing companies, was hacked using malware, resulting in the loss of credit and debit card numbers. The mastermind behind the crime was given a 20-year jail sentence, the longest handed down for a computer crime. Heartland ended up paying credit card companies $100 million in claims settlement related to the breach.
#4 TJX
Year: 2003
Records Lost: 94 million
The parent company to stores like T. J. Maxx and Marshalls has said hackers took credit and debit card numbers, and in some instances entire customer identities were stolen, including driver license numbers. The breach ended up costing TJX $256 million and was masterminded by the same person who was in charge of the #3 Heartland hack on the countdown.
#5 Anthem
Year: 2015
Records Lost: 80 million
Names, Social Security numbers, and other sensitive information ideal for identity theft were taken from the second largest health insurance company in America. The hack was said to have originated in China.
5 Most Costly Viruses
Year: 2004
PCs Infected: 2 Million
Damages: $38,000,000,000
MyDoom was a worm spread through e-mail. 1 in 4 e-mails carried the virus at one time. Mydom was a line in the program’s code (mydomain) and thus, after adding an “o”, it was named.
Year: 2003
PCs Infected: 2 Million
Damages: $37,100,000,000
Self-replicating worm spread through e-mail.
Year: 2000
PCs Infected: 500,000 (That’s about 10% of the world’s computers at the time)
Malicious program hidden in an email attachment. ILOVEYOU was the first virus that attached itself to an e-mail.
Year: 2007
PCs Infected: 12 Million
Damages: $9,100,000,000
Confliker was a worm that scanned computers for weaknesses, logged keystrokes and downloaded code from hacker websites. This virus is still active and as of August 2015, is still infecting about 1 million computers worldwide.
Year: 2001
PCs Infected: 1 Million
Damages: $2,600,000,000
Code Red was a worm that exploited an OS vulnerability, actively looking for other machines to attack. It took down and defaced websites, most notably It was nicknamed Code Red because the pair who discovered the virus were drinking Mountain Dew Code Red at the time of discovery.
35% of businesses have lost data due to flawed IT security. Don’t be caught unprepared. Let Mozy help you manage your cloud security needs.
Visit to learn more about how Mozy can keep your data safe and secure.

We want your feedback! Really! (And you might win a prize)

Every now and then we all need help with the software. So what do you do? You contact support! As a Mozy customer, we hope that whenever you have a question about the Mozy service that you don’t hesitate to get in touch with us. It’s our job to help you resolve any issue with the Mozy backup software.

Because we want to do our job to the best of our abilities and because we want your experience with Mozy Support to be a pleasant one, we’re inviting you to let us know of your recent experiences with Mozy Support. What feedback do you have from a recent Mozy Support Portal experience? For example:

•  How did everything go?
•  Are there areas where we can improve?
•  If you could change the way we handled your case, what would that be?

By providing us with constructive feedback on your support experience, not only will you be helping us make improvements to the Portal, you will be helping other Mozy customers who reach out to us in the future with a similar issue. And you just might win a fabulous prize. Wait! Did someone say prize? Yes, we did!

How can you win a prize? Simply send us your ideas for a chance to win. It’s that easy. Do you want to learn more? Are you ready to submit your idea? Maybe you just want us to cut to the chase and tell you what the prizes are? For answers to all of these questions and more, click here.


Securing Your Data in the Cloud

In the late ‘90s when consumer Internet was relatively new, there was a controversy swirling around online commerce: is it safe to use your credit card online? Fast forward to today. Online commerce is ubiquitous, and one of the largest credit card breaches recently occurred in Target’s brick and mortar stores. Now with enterprise cloud computing, there’s another controversy swirling: is it safe to store your data in the cloud? As a provider of EMC cloud services—including Mozy and Spanning—and in working to tier our on-premises storage products to an EMC object service, I’m often asked this question. The answer depends upon the level of security deployed by the cloud service. Just as online commerce sites vary in their level of sophistication, so do cloud services when it comes to security features, operations, and compliance.

By federating identity and authentication with employees’ corporate authentication service, IT can make access to these services more convenient and more secure. Revoking a former employee’s corporate credentials also revokes access to the associated cloud service. Data should be encrypted in transit and at rest, and customers should have an option to either use encryption keys provided by the cloud service or apply their own corporate encryption keys. To validate that the data arriving in the cloud is exactly the same as from the point of origin, the service should apply a payload integrity validation check, which safeguards against either accidental or intended corruption in transit. And a solid role-based access schema will ensure authorized users can only perform the duties for which they are intended, reserving privileged/administrative rights to the few, while allowing capabilities such as simple reads and writes to the many. Finally, to respect data sovereignty laws, the service should provide geographical data residency options.

Now that the right data has landed in the right place, let’s review the data center operations to make sure it stays that way! Physical access must be strictly controlled on building and cage entrances by professional security staff utilizing video surveillance, alarm systems, and other electronic means, while legitimate access is granted through two-factor authorizations (for example, passcode and fingerprint) and strictly enforced visitor policies. But even more important is cyber hardening of the perimeter, hosts, and applications. Even one security hole in the perimeter could be exploited to gain access through the intended boundary, allowing access to the high-value servers and data within the product environment. In this sense, an ounce of prevention goes further than a pound of cure. Steps like ongoing vulnerability monitoring (especially critical zero-day vulnerabilities) and solid patching practices are essential. Add to that a practice of gold image creation and maintenance that contains all necessary configurations to ensure the hosts are configured securely; for instance, all unnecessary services are turned off at install. Access management is also crucial, and increased security measures for legitimate administrators, such as two-factor authentication with one-time passwords like with RSA’s Secure ID capabilities, go a long way in preventing brute force password hacks.

The next step in prevention is early detection. While the expectation of a perfectly hardened environment is a noble one, in reality, active monitoring provides an ideal air cushion in the event a flaw is exploited somewhere along the way. Tools such as RSA Security Analytics provide alerts from both unexpected log activity and indicators of compromise within the active network traffic flow, while ensuring log and network capture data is maintained in an unalterable state for future investigations and forensic needs. And in case the worst happens, the service needs a trained incident response and containment team available 24/7.

How does one know that a service is taking these measures? That’s where it can be helpful to have a thorough attestation of the level of security provided. There are self-certification attestations, such as assuming responsibility as a Business Associate under HIPAA, and there are independently certified attestations, such as SOC I or 2 Type 2, ISO 27001:2013, just to name a few. In addition, some services employ security professionals to help address customer-specific inquiries and reviews.

When it comes to security there are no absolutes, but with the right security features, operations and compliance in place, a cloud service can provide the same or better protection than on-premises data protection options. After all, corporate IT environments are also susceptible to attacks, and most of them are not held to the same standards or external reviews described here.

Data on the Horizons…and Horizon

It’s getting closer to that time of the year when we start reading about the biggest events that transpired during the past 12 months. Sure, we haven’t entered the month of December yet, but holiday lights and decorations are on the shelves, so why not talk about one of the biggest events and its associated data even before 2015 ends?

Although NASA’s New Horizons spacecraft was launched January 19, 2006, it qualifies as one of the biggest events of 2015. That’s because its six-month flyby of Pluto didn’t occur until July 14 of this year. That’s not surprising, considering that Pluto is 2.66 billion miles away from Earth (when the two planets are closest). That’s a long, loooong way away. To help put things in perspective, the Earth’s moon is 238,900 away. Pluto is 11,000 times further away from us!

Just how important is the New Horizons mission? The National Academy of Sciences has ranked this space mission as the highest priority for solar system exploration. Its purpose is to understand where Pluto and its moons fit in with the other objects in our solar system, according to NASA.

Even though New Horizons didn’t do its flyby of Pluto until this year doesn’t mean important science wasn’t happening before then. About a year after its launch in February 2007, New Horizons did a flyby of Jupiter, gathering all sorts of important data, including about the planet’s great storm systems and why they change colors. And from the start of its mission, the New Horizons spacecraft began collecting and storing data on its two 32-gigabit (“bit” not “byte”) hard drives.

About two months after New Horizons passed Pluto and its moons, the mission team back on Earth began downloading the tens of gigabits the spacecraft collected and stored on its digital recorders. The download, which started in September, will take about 16 months to complete. That’s because even though the radio signals that contain the data are moving at light speed, it takes 4 ½ hours to reach the Earth.

When you’re talking about 4 ½ hours, you’re talking about a lot of time, at least by Earth’s standards, especially if you’re talking download time. 4 ½ hours…270 minutes. That’s no New York minute! You can watch a couple of movies in 4 ½ hours. With the New Horizons transmitting at 1 KB per second, it kind of makes it hard to complain about today’s high-speed Internet speeds, even when they’re slow. If it took that long to download your favorite movie, you might break out the Scrabble board instead. Or if you’re patient, your Friday data night might actually work its way into Saturday, which might not be a bad thing, depending on how well you’re getting along with your date.

With the new year just around the corner, now is as good a time as any to look back at all of the big events of 2015 and consider how much we rely on technology, and how easy—and fast!—it is to download, access, store, forward, and receive the data that makes our world go around. With the ever-increasing speed at which we’re creating data these days, you can only wonder what’s on the horizon.

You proved that haiku can be scary!

Your haikus scared the “h” out of “gost,” so now we can deliver the prizes!

We are pleased to announce the winners of our 5th Annual Mozy Frightful Computer Haiku Contest. You, dear customers, made us proud by putting the chupa back in chupacabra. We’re not going to lie to you: There were so many wonderful submissions this year that we didn’t think we had a gost (remember, the “h” ran off) of a chance to select just three winners. So many great haikus, but only three prizes to award. After much wailing and gnashing of teeth, we selected our winners:

Data left for dead,
Noose around its neck? …Mozy
Won’t leave you hangin’!
—M. Neal

Late at night he comes
The Grim Reaper and his scythe
Ach! My head is gone!
—Marci Humphreys

Zombies and vampires
are nothing when compared to
running out of treats!

Congratulations! Each of our winners will receive a $50 gift card. (Winners, please email us at and please include your name and mailing address.)

We understand that some of you may be disappointed that you didn’t win, but there’s always next year. So check back with us next October. In the meantime, enjoy your Halloween candy and practice writing haikus.

Back up with Mozy
Even if you didn’t win
There’s always next year

Continue to back up your files with Mozy. Anything less would be scary. Be safe.

We treat your data like it’s our data

Talk is cheap, so the saying goes. You hear lots of talk about security when it comes to IT management. So, is talk cheap when it comes to IT? Never! All it takes is one security breach—such as having data stolen or otherwise compromised—for a business to realize long-term or even permanent damage to the bottom line. And there’s nothing cheap about that! Here are a few examples:

•    Target Stores: The result of this data breach was 110 million stolen records. Compromised personal information included 40 million credit card numbers and 70 million records, such as name, physical address, email address, and phone number. Target says the breach cost them $148 million, and the cost to financial institutions was $200 million.
•    JPMorgan Chase: The largest U.S. bank experienced a breach that affected 83 million households and small businesses. User contact information was compromised, including names, phone numbers, email addresses, and physical addresses. As a result, new digital security initiatives will cost the bank $250 million annually. Estimated damage costs from the breach vary, but some put it at more than $1 billion.
•    eBay: Hackers stole email addresses, physical addresses, and login credentials from as many as 145 million users. The company strongly advised all of its buyers and sellers to reset their passwords. Fines and lawsuits are estimated at $200 million.

Even so-called minor data breaches (but it’s not minor if it’s your data that’s been compromised!) can be costly. Today, the total average cost of a data breach is $3.8 million, as reported by Reuters. That’s about $150 per record lost or stolen.

The truth is, it may be impossible to prevent every data breach. That’s why it’s critical that all data is backed up all the time. But there is more to safeguarding your data than just backing it up. For example, how security-minded is the company that backs up your data to the cloud?

Mozy by EMC encrypts your data before it ever leaves your machine, during the transfer process across the wire, and while at rest in our data centers. EMC’s data centers employ state-of-the-art physical and technical security practices. Additionally, Mozy has successfully completed a SOC 1 SSAE 16 Type 2 audit and received ISO 27001 certification. In fact, the Information Security Management System supporting Mozy’s offerings and products, as well as supporting resources, including global data center operations, infrastructure, and application development were recently recertified as to conforming to ISO 27001 requirements.

These independent verifications certify that Mozy’s processes and procedures meet or exceed the strictest control objectives in the industry. By voluntarily submitting to the SSAE 16 audit and obtaining ISO 27001 certification, Mozy demonstrates its commitment to its client information and its preparation to face ongoing threats to digital information.

We treat your data like it’s our data, and one of the ways we do that is by choosing to be audited and certified. It’s a measureable way to demonstrate the security, reliability, and availability of the Mozy service and our commitment to safeguarding your data.

Change is the one thing you can count on—and that’s a good thing

How many times have you heard the expression, “The only thing that is constant is change”? No matter which direction you see yourself going, you can expect change. The expectation of change is deeply rooted in us; you might even say our DNA knows that change is a constant. Change is a-coming. You can count on it.

Change, even if it’s expected, requires adjustment. And even good changes—changes that you want and have waited for—require adjustments. I remember when our first child was born. Actually, I remember months before the actual delivery. There were lots of changes, especially with my wife. As the baby grew in utero, my wife experienced a few cravings. Nothing unusual like pickles or spicy food, but I distinctly remember some pretty persistent requests for Ben & Jerry’s ice cream.

There were changes to that extra bedroom, too. Before our son was born, I painted the walls yellow, applied a banner along the top of the walls, assembled a crib, and hung up a couple of mobiles.

When our son was finally born, there were more changes. Like diaper changing. I didn’t have a lot of experience with this kind of change, but I was quick to adapt. Talk about change being constant. It seemed like I was always changing diapers. But I caught on quickly. I learned that the faster I changed the diaper, the faster I avoided a number of unpleasantries, like lingering malodors and the ever-present danger of getting peed on, which seemed to be an ongoing threat no matter how soaked the diaper already was. But a fresh diaper didn’t mean the end of change. How often did I get A&D ointment stains all over my pants? Great, then I had to change.

When our son went through the terrible twos, which really weren’t so terrible, the change in temperament required more patience and understanding. Before we knew it, he was a teenager. Lots more changes to son and parents during that phase. Then there was college and marriage. Lots of happiness to be sure. And lots of changes. But as I look back, the really easy and fun changes combined with the really difficult changes made all of us better. We improved and became wiser and less uptight and even less apprehensive of those future, unknown changes. That’s good, because you can count on change to find you even if you’re not looking for it. So embrace it and make the most of it!

With all this talk of change, I’ve worked up a craving for ice cream. Specifically, Ben & Jerry’s Rain Forest Crunch. That used to be one of my favorites. Used to be. But alas, it’s no longer available. In fact, it was retired to the Ben & Jerry’s Flavor Graveyard. Now that’s a change I can live without.

The Limited Lifespan of Technology

What do cars and technology have in common? Both lose value the moment you purchase them.

For cars, this isn’t much of an issue since they will usually continue to run just fine for several years. Unlike smartphones, computers, and other tech, they don’t need upgrades. The average age of a passenger car/light vehicle in the U.S. is over 11 years, according to They even get special “historic” license plates in most states after 20 years! Personal technology, though, rarely offers a fully functional lifespan for more than a couple of years.

OS upgrades leave many existing devices behind
Technology you use in your home and at work isn’t as durable as cars. There are three main reasons why personal tech doesn’t do so well in the longevity game.

1.  It breaks easily, particularly mobile technology like tablets and smartphones.
2.  Major operating system (OS) upgrades are often too advanced for existing
3.  Consumers are used to wireless technology, which makes infrequent, but
     dramatic, upgrades.

Are consumers fighting constant upgrades?
Some consumers who have managed to keep their mobile devices longer than manufacturers expect (meaning they haven’t broken them) are voluntarily holding on to them for longer periods than before, Gallup reports. More than half of surveyed consumers told a Gallup poll in April and May 2015 that they hold on to their phones only until they stop working or become obsolete. So, when is a device obsolete?

Most consumers don’t seem to be bothered by an OS upgrade for at least several months. This might explain why 44% told Gallup they stay with contracts to get a phone upgrade every two years. By then, they are ready for something new. Mobile devices are further burdened by network upgrades. Have you tried to operate a 3G device in an area with the “lightening speed” of 4G? Networks don’t serve older devices well, and few have space for upgrades.

Computers operate past their OS support lives
Like cars, desktops and laptops operate even when they’re technically obsolete. There’s a bit of relief in that apps and developers are far more focused on the mobile world. In addition, many computers come with the capacity for upgrades, something few mobile devices offer. Still, while most OS systems may function for years, they lose official support long before they stop working. Microsoft ended support for Windows XP after a 10-year run; support for Vista will end in 2017, also after 10 years. Apple phases out support for its older OS releases even more quickly.

Not surprisingly, Microsoft and Apple both offered limited free upgrades to their latest OS for customers who had more recent versions. There’s nothing like an upgrade to make you aware of all the new software out there you hadn’t considered because…you had an older OS that couldn’t run them.

Consumers are intrigued by new tech approaches
While new apps and other toys are fun, the fact is that many consumers don’t want to learn how to use a replacement device every year, according to Accenture. In the spirit of the Internet of Things, consumers are more interested in buying new approaches to technology.

•   In January 2015, 12% of consumers told Accenture they plan to buy a wearable fitness monitor in the next year
•   40% said they plan to make this purchase in the next five years
•   Over the next five years, consumers plan to buy smart surveillance systems (41%), smart thermostats (39%), and 3D printers

Sure, it’s a lot of fun to have the latest car or the latest technology, but if you decide to wait a little longer before your next purchase, don’t worry; there is always something new and exciting to look forward to no matter when you decide to replace that “old” technology!


Trailers are good, but not for backing up your data

What would you do if you were registered for college and ready for the new school year when, at the last minute, the new apartment complex you signed up with notified you that the apartment would not be ready for you to move in? Here are some options:
•    Quickly find a new place to rent
•    Unregister for college
•    Try to register for another college closer to home
•    Tell your mom and dad that you’re going to live at home after all

Two creative college freshmen who were notified that their new apartment would not be ready for the new school year decided to share an Airstream trailer. It’s a small trailer, so they stuff things wherever they can, including the oven. Not to cook, mind you, but to take advantage of the limited amount of storage space.

That’s a creative solution to a last-minute problem.

You can usually get creative when a problem arises. But sometimes a last-minute problem is a BIG enough problem that no amount of creativity can solve. Like losing your data because you didn’t think backup was important. Sure, you were planning on looking into a backup solution but just never got around to it.

There are a few things in life that you can count on, taxes being one of them. The other is losing your data. At some point a hard drive is going to fail, or someone is going to accidentally delete a file, folder, or directory. Hardware fails. Accidents happen. And who can predict the next disaster? Although there is not much you can do about paying taxes—and we do we recommend that you pay them—there is something you can do about protecting your data.

So, what can you do to safeguard your important files? Back them up! It’s easy and inexpensive, and peace of mind is priceless when you know that should a disaster occur, your data is safe. But there is more to backing up than simply backing up. For example, is your data easily restorable should you lose it? How quickly can it be recovered? Remember, the data you lose today might be needed immediately in order to continue doing business. Ask yourself these questions:

•    Am I backing up my data and, if so, how often am I backing it up?
•    If I lose business-critical data, will I be able to restore it?
•    If I lose an important file, how quickly can I recover it?

These are just some of the questions surrounding backing up data.

One way to protect your data is to back it up to the cloud. Backing up your data to the cloud is a simple, economical way to ensure that your data is protected today and available tomorrow. And there will always be enough space in the cloud to store all of your data without ever needing to stuff anything into the oven.

Mozy by EMC backs up data automatically, restores lost data quickly, and data is accessible and recoverable in a variety of ways. And unlike a trailer, you have an infinite amount of storage space. For more information about the benefits of cloud backup, visit

Yikes! Mozy announces Frightful Computer Haiku Contest v5.0

It’s ba-ack! That’s right, Mozy’s annual “Frightful Computer Haiku Contest” awaits you!

Maybe the recent super blood moon eclipse has inspired you to write haiku. Maybe the fact that Halloween is a few weeks away has got you thinking about ghosts, goblins, and ghouls. Or maybe you remember last year’s Frightful Computer Haiku Contest and you’re screaming for an opportunity to show off your haiku skills. Whatever is motivating you, we’re ready to receive your scary computer haikus for this year’s contest. The rules are frightfully simple:

•   Your haiku must be original. In other words, plagiarizing a haiku will get you disqualified faster than a Sasquatch in Skechers.
•   Your haiku must be awesome. Think chupacabra with extra chupa.
•   One haiku per person. That’s 1 and only 1 and not to exceed 1.
•   Submit your haiku by October 31, 11:59 p.m. MDT in the     Comments section below. The winners will be announced on     Friday, November 6.

If you haven’t written a haiku since grammar school, there is nothing to be afraid of. Here are some haiku pointers: Haikus are composed of three lines. Line one is five syllables, line two is seven syllables, and line three is five syllables. Haikus that don’t meet this criteria will be disqualified, dismembered, and otherwise put to rest, so make sure your haiku has the right arrangement of syllables. Need an example? Here is one of our winners from last year:

Lightning flashes down.
Hard drive’s dead, but Mozy screams:
Alive! It’s aliiiive!

Did someone say prizes? Yes, there will be prizes! A $50 gift card will be awarded to each of three individuals with the most chilling, creative, or otherwise creepy computer haikus.

That’s it! Pretty scary! Pretty good! So send us your haiku before it’s too late!

Like this contest? Click here to tweet it!