
Yesterday, Symantec, a leading cyber-security company, posted a summary of their latest annual State of Security Report, claiming that “organizations are getting better at fighting the war against cybersecurity threats.” The report was seemingly very positive with findings from more than 3,300 companies in 36 countries. Among these encouraging conclusions, Symantec found a four percent decrease in organizations that reported attacks, falling from 75 to 71 percent, and an eight percent drop in companies reporting an increased frequency of cyber-attacks. While those numbers looked minimally favorable at best, the report went on to add that 92 percent of companies saw losses from cyber-attacks, and that the aftermath and recovery are getting increasingly expensive.
The very same day that Symantec released the report, another report was released by CNET, exposing an alleged Anonymous attack on several large tech organizations, including Apple, Facebook, Microsoft and… Symantec. Anonymous Sri Lanka is the group that is taking credit for these attacks. You can check out their summary and justification in this pastebin. Also in the Anonymous report, you will find Anon Sri Lanka bragging that they have breached the "world's second-largest software (antivirus) leader/giant." This is reminiscent of another attack targeting Symantec in 2009, where a hacker by the name of Unu exposed more than 70,000 customers’ details using a SQL injection. On his own blog, Unu sarcastically declared that it seemed, “quite strange how a company…which sells software and security solutions… is not able to protect its own database.”
What is most important to take away from this is that while Symantec IS a leading cyber-security company, technology is constantly evolving. Security companies can develop new and advanced firewalls, and in turn, hackers will come up with new ways to breach those firewalls. It’s a constant race for one to get in front of the other, and despite best intentions, best practices and a solid track record, a breach is likely to happen eventually. In the case of the 2009 Symantec hack, their ecommerce customers’ passwords were “stored in plain text.” While Symantec took every precaution to protect their customer data by attempting to deny access to their network, the best way to prevent an expensive aftermath is to encrypt all of your sensitive data. And, unlike data encryption products of the past, Gazzang ezNcrypt allows you to encrypt, decrypt and access your data in real time – at an affordable price.
Sources:
http://www.symantec.com/connect/blogs/2011-state-security-report-3300-companies-sound
http://news.cnet.com/8301-1009_3-20099841-83/anonymous-claims-dns-attacks-against-symantec-apple-microsoft/
http://www.infosecurity-us.com/view/5502/symantec-hacked-in-sql-attack/
http://www.infosecurity-magazine.com/view/20438/symantec-says-businesses-getting-better-at-fighting-the-ongoing-security-war/?utm_source=twitterfeed&utm_medium=twitter
Following up on proposed efforts expressed by the President and newly-appointed Federal CIO, Steven VanRoekel, the Department of Energy is the first government agency to shut down a website in regards to this initiative. There are currently more than 20,000 independent government websites, so this is just a first step, but it appears to be in the right direction. The specific action dismantled their energy news service site, Energyempowers.gov, and integrated it into their flagship site – which has also been revamped and moved to the Amazon public cloud. This integration and transition to the cloud is projected to save the department more than $10 million annually.
Though there has been some quiet criticism that site consolidation is not a strong enough effort in these times of austerity, the move has been praised by some, including Sen. Thomas Carper (D-Del.), who declared the recent actions of the DoE “an important first step toward making our government more nimble and efficient.” In these initial efforts, the DoE has not just closed down one website, but “it’s also started tallying how much money these efforts will save taxpayers.” The agency has estimated that by moving to the cloud and building new sites as sub-domains as opposed to standalone sites, it looks to save $150,000 per year, per site. Even if the government only consolidated half of the current websites, this effort could save taxpayers approximately $1.5 billion annually.
Some detractors have criticized these estimates, pointing to the difficulty of tracking the cost of sites. Lisa Welchman, a Web strategy adviser to government agencies and corporations, credits the DoE for actually trying to quantify and erase excess costs, stating "most agencies don't even attempt to do that. And it looks as if they've done a good job of revamping the site, giving it a consolidated look and feel. So, I say, more power to them."
To read more on the DoE and their recent cyber efforts, check out:
http://www.nextgov.com/nextgov/ng_20110815_6690.php?oref=topstory
http://thehill.com/blogs/hillicon-valley/technology/177091-doe-among-the-first-to-cut-website