Category Archives: IT Security

A Stitch in Time Saves Nine

According to Avivah Litan of Gartner:
“A company with at least 10,000 accounts to protect can spend, in the first year, as little as $6 per customer account for just data encryption, or as much as $16 per customer account for data encryption, host-based intrusion prevention and strong security audits combined,” Litan said in an accompanying statement. “Compare [that] with an expenditure of at least $90 per customer account when data is compromised or exposed during a breach,” she added.
So if you split the difference and spend $10/customer on security as prevention, that stitch in time really does save nine stitches fixing it later. Prevention is good risk management.

-jsq

PS: Seen on Steve Hagen’s Network Security Journal.

USB Social Engineering

Why bother with traditional social engineering, when you can let a USB drive do it for you?

It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

I immediately called my guy that wrote the Trojan and asked if anything was received at his end. Slowly but surely info was being mailed back to him.

Social Engineering, the USB Way, Steve Stasiukonis, darkreading, 7 June 2006

So much for the traditional network perimeter.

-jsq

PS: Thanks, Johnny.