Last year, there were nearly 900 data breaches (more than in 2009 or 2010*), resulting in 31 million records breached**. And, as the number of reported breaches continued to rise, organizations paid a hefty cost for data breaches, according to this year’s Cost of a Data Breach Study. Some interesting facts from the 2011 study:

• The organizational cost of a data breach was $5.5 million
• The cost per lost or stolen record was $194
• Negligence was the root cause of 39 percent of the data breaches, while malicious attacks caused 37 percent of data breaches (up 6 points from 2010)
• For the first time, malicious attacks accounted for more than a third of breaches; they also remain the most costly type of breach at $222 per compromised record
• Data-stealing malware is the leading attack type at 50 percent
• The second most common type of malicious attack comes from within the organization;...

Traditionally information security has been reasoned in terms of assets, vulnerabilities and threats. A mature info-sec program has visibility into its critical assets, a compliance program for reducing its attacks surfaces and vulnerabilities therein, and in detecting and blocking threats.  A rich set of patterns and practices have emerged in supporting these for the physical (and static) data center. These include segmentation as a key practice for isolating higher-trust workloads (eg. PCI) from lower-trust workloads (e.g. test, VDI).  Another important aspect is change control  that surfaces through multi-step provisioning cycles and  change management processes. While these practices are important to ensuring compliance and minimizing attack surfaces, there have impacted IT's ability to respond to changing business requirements.  For example, physically segmented workloads create challenges in resource utilization e.g. ...

I am absolutely blown away with what is going on in the mobile world and the latest numbers from IDC demonstrate the fact that mobile is breaking every record. A year on year growth of 57% for Smartphone shipments compared to last year. Do I need to say more? These devices will be used for business and private matters and they function merely as a pc. So what is the difference?  I think that we don’t consider that question enough, we simply use it together with all the features we can get our hands on; mobile banking and payments, browsing the web, reading emails, downloading apps, gathering intelligence, and the list goes on... So why should we separate the way we manage mobile devices from any other device or endpoint connected to our network?

Adaptive Mobile did a report last year on the mobile threats and their key conclusions were that mobile scams are way more profitable than the traditional pc scams (2%...

Symantec Protection Center 2.1 (SPC) has been released!

The Symantec Protection Center Team is proud to announce the release of Symantec Protection Center 2.1 (2.1.0.2075), which was published today to the LiveUpdate Publishing Service.  SPC 2.0 Customers will be notified that an update to SPC is available for download.  This is a LiveUpdate release only.  This update provides fixes for a small number of defects, as well as several major enhancements.

These enhancements include:

• New Security Audit functionality, and reports
• New Intrusion Detection System (IDS) signature reports
• An enhanced Specific Endpoint report
• SPC Web Interface security certificate management
• Updated browser compatibility

Full details are found in the SPC 2.1 Release notes (DOC4967...