2009 The Year of Computing Dangerously


The FBI has just stated that just behind a nuclear bomb and a bomb in one of our cities that an attack on the US computing infrastructure is the greatest threat we face.

Advisors to the US treasury have estimated that the total profits from cybercrime now exceeds all illegal drug profits world wide 2009 was a banner year for information security related “incidents”.

I doubt those on the front lines of the drug war in Mexico, in which thousands have died, or those dealing with a financial collapse or impending pandemic would agree with some of the fear, uncertainty, and doubt surrounding cybersecurity.

But there is no question that the threat landscape has become more dynamic and more sophisticated and there doesn’t appear to be any end in sight. Quite frankly the bad guys are better at managing to their objectives than the good guys.

The “stats”:

  • Largest data breach in history: Heartland payment systems with 130 million credit and debit card records compromised
  • Largest Microsoft patch ever: October 11th “patch Tuesday” included 13 bulletins to address 34 security flaws including 8 - a record number - marked as “critical”
  • Largest worm infection since the beginning of forever: The Conficker worm infects ten million plus corporate PC’s using fairly basic infiltration and propagation techniques
  • Largest number of web attack exploits and infiltrations: Web application attacks number one method of infiltration
  • Largest number of viruses found in the wild: Anti-virus solution providers are tracking millions of new viruses this year alone
  • Largest political wrangling: From the NSA to the US Air Force to MI5 all wanting control over the new digital frontier

Throw in a really bad economy, increasing regulatory pressures, and the never-ending cycle of innovations to the computing model and it is a miracle the entire house of cards hasn’t already fallen.

For all the bad though there were many positives advances as well.

  • The Conficker working group was a coordinated cross-functional, geographically dispersed team from the public and private sectors to find the command and control infrastructure and shut it down. This is a model for how various stakeholders can cooperate across geographical, political and ideological boundaries
  • Multiple large software providers like Adobe implemented structured vulnerability and incident response teams enabling more predicative patch and security updates.
  • The largest data breach led to the largest data breach indictment when Albert Gonzalez was indicted for data breach crimes including the Heartland Systems data breach
  • - Security vendors have realized the inadequate nature of stand-alone defenses and have been moving to provide more tightly integrated and broader offerings to address the increasingly sophisticated nature of security incidents.

The reality is that the majority of the incidents we experienced in 2009 may have been avoided if organizations had implemented basic security controls and continuous enforcement, management and visibility into their environment.

At the very least their impact could have been minimized. And at the end of the day the best we can hope for in information security is to limit the probability of a successful incident from impacting our environments and when they do (which they will) limit their impact.

"Recommended For You"

Conficker reprogrammed for new attack run On Conficker: The return of the high-profile mass infection worm