Tag Archive for Michigan

Costs of Data Breach is Increasing

The annual Cost of Data Breach survey conducted by the Traverse City, MI-based Ponemon Institute and funded by encryption vendor PGP Corp. found the total average costs associated with data breaches rose slightly since 2007.

The fourth annual U.S. Cost of a Data Breach Study (registration required) surveyed 43 firms that experienced a data breach and asked them to give estimates for their expenses. The total average costs of a data breach grew to $202 per record compromised, an increase of 2.3% since 2007 ($197 per record) and 11% compared to 2006 ($182 per record).

Depending on the size of the breach, costs could become astronomically expensive, said Dr. Larry Ponemon, chair and founder of The Ponemon Institute. Some in the privacy community have a view that people over time will become indifferent to a data breach notification. But the Ponemon study found the costs associated with lost business continue to climb. Lost business now accounts for 69% of data breach costs, up from 65% in 2007.

“Our model suggests that people haven’t reached the point of indifference yet,” Ponemon said. “When people reach that point the cost of churn should decline, but our findings show the costs continue to creep up year by year.”

The survey also found many firms are having trouble preventing data breaches. Of the firms surveyed, 84% said they experienced more than one breach, though the costs are higher for companies experiencing a breach for the first time. The per-victim cost for a first-time data breach is $243 versus $192 for experienced companies.

“It’s impossible to create an environment where you cannot have a data breach,” Ponemon said. “Data breaches will probably continue even for the best of companies, but it’s how you detect it, how you respond to it, and how you manage the risk that matters most.”

Companies are fearful of malicious insiders getting access to sensitive data. The rising tide of layoffs as a result of the poor economy has put a focus on the insider threat. But insider negligence continued to play a major role in causing data breaches. More than 88% of all cases involved incidents of insiders mishandling data. Far fewer breaches were from malicious insiders. The Ponemon study found that the per-victim cost for data breaches involving negligence was $199 per record, versus $225 per record for malicious acts.

Fewer firms are investing in additional technologies. Encryption was the first technology implemented after a breach. Of the technology options, 44% of companies have expanded their use of encryption, the Ponemon survey found.

“One of the mistakes people make with encryption is they’ll go and encrypt a laptop and forget about thumb drives, email or FTP servers,” he said. “People are addressing some issues but not addressing the entire problem.”

Some companies turn to the use of third-party services to handle personal information such as payment transactions and customer loyalty programs. But the Ponemon survey found that those services may increase the risk of data leakage and increase the cost of a breach. Breaches by outsourcers, contractors, consultants and business partners were reported by 44% of respondents, up from 40% in 2007. Third-party vendors often take more time to investigate and conduct forensic analysis. Services sometimes lose information due to poor processes or inadequate data protection technologies, Ponemon said.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IBM Resurrects Broadband over Powerline

A NetworkWorld article proves that where there is money to be taken from the Federal Government, Never Say Never Again. According to the article, IBM (IBM) has started building out broadband over powerline (BPL) networks. The company says BPL could offer broadband connectivity to 200,000 people living in rural areas.

IBM is building out the Broadband over Powerline networks as part of a $9.6 million deal with International Broadband Electric Communications (IBEC). In 2008, IBM inked a deal with the Alabama-based broadband provider to expand broadband access to people living in rural areas. The companies plan to deploy BPL networks to serve areas that only have access to dial-up services. The BPL will be delivered through seven electric cooperatives in Virginia, Michigan, Alabama, and Indiana. Once working, IBEC will serve as the cooperatives’ official ISP.

Broadband over Powerline in Michigan

Bob Hance, CEO of Michigan-based Midwest Energy Cooperative, says his company decided to take part in the BPL network program after a customer survey. The survey results, Mr. Hance says, were overwhelmingly in favor of signing up for the broadband program. Within a week, the cooperative had a waiting list of 4,000 customers practically pleading for service. “We were amazed by the responses to the survey — thousands of letters from citizens of our community expressing their need for broadband in order to improve everything from childhood education to the future of their family-owned small businesses,” said Mr. Hance.

“We shared nearly 600 of these letters with local legislators after we realized none of the major service providers were going to answer their calls for help. Thanks to the help of those legislators, IBM and IBEC were able to access the resources needed to help our community. In less than two weeks, we’ve already deployed 400 live miles with broadband access, or nearly 4,000 homes,” according to a 02-19-09 press release from IBM and IBEC.

Electric companies’ benefits

IBM says that in addition to bringing broadband connectivity to under-served areas, the new BPL connectivity will benefit electric companies. The BPL rollout will increase electric companies’ ability to monitor, manage and control the reliability of their electrical grids. Currently, electric cooperatives serve roughly 12% of the population in the United States and provide about 45% of the electrical grid. The give-away American Recovery and Reinvestment Act of 2009 includes $11 billion to be spent on “smart grid” systems to monitor and manage the nation’s electrical network.

Government handout

Of course, I may be overly cynical if I question the timing of the IBM announcement. It happened just 24 hours after the $787 billion give-away American Recovery and Reinvestment Act of 2009 was signed by President Obama. In case you didn’t find the five pages entitled Division B— Title VI–Broadband Technology Opportunities Program (pages 398-402 of 407 pages) they authorize the $7.2 billion to give-away stimulate the expansion of broadband networks into rural and underdeveloped areas in the country.

BPL so far has not caught on as a broadband technology in the United States. As of May 2008, there were only 4,776 people in the United States subscribed to broadband over powerline.

 


Online Security Threats Growing

DarkReading is reporting that Ann Arbor-based Arbor Networks has issued its fourth Worldwide Infrastructure Security Report. The global report is based on responses from 70 lead security engineers worldwide. Some of the report’s findings are that DDoS attacks have grown a hundredfold since 2000 and the newest threat is increasing service-level attacks.

Respondents to the survey said the main threat vectors for attacks experienced from August 2007 to July 2008 were:

  • external, brute force attacks (61%)
  • known vulnerabilities (12%)
  • social engineering (3%)
  • misconfiguration (3%)
  • none from zero-day threats.

Brute force attacks, such as DDoS, jumped 67 percent over the last year. ISPs reportedly spent most of their available security resources combating distributed denial of service (DDoS) attacks. Flood-based attacks represented 42 percent of the attacks reported last year, and protocol exhaustion-based attacks 24 percent. DDoS attacks have grown from megabit levels in 2000 to 40-gigabit attacks this year. Nearly 60 percent of ISPs worldwide say they experienced DDoS attacks larger than 1 gigabit-per-second (Gbps), up to a record 40 Gbps, according to Arbor’s report. The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and ISP infrastructure investment, according to Danny McPherson, chief security officer for Arbor Networks.

The report indicates that the ISPs surveyed are less worried about DDoS attacks than they were a year ago. This year ISPs describe a far more diversified range of threats: more than half are battling an increase in service-level attacks, which accounted for 17 percent of all attacks and attempt to exploit vulnerabilities and limitations of computing resources. New attacks are being directed at new services, as ISPs work to diversify their income sources by expanding into content distribution, VoIP or other managed services. These new threats include:

  • domain name system (DNS) spoofing
  • border gateway protocol (BGP) hijacking
  • spam.

Almost half of the surveyed ISPs now consider their DNS services vulnerable. Others expressed concern over related service delivery infrastructure, including voice over IP (VoIP) session border controllers (SBCs) and load balancers. Several ISPs reported multi-hour outages of prominent Internet services during the last year due to application-level attacks.

Botnets are still a big problem for ISPs. Botnets continue their expansion across the Internet. ISPs report that botnets are used for:

  • SPAM (36%)
  • DDoS (31%)
  • phishing (28%)
  • ID fraud (>5%)
  • click fraud (>5%)

Rob Malan, founder and chief technology officer of Arbor Networks, explained that, with application-based attacks, bot-infected computers worldwide make connections to a targeted site, then “use an application protocol to deliver a perfectly valid request, not a vulnerability, not something that an IDS or other type of firewall would necessarily flag.” For example, a botnet might instruct its zombie computers worldwide to do a back-end query off a database. “By itself, it’s not bad but, if you have multiple such requests, then you tie up the application – in this case, database – resources on the back-end,” he said.

Even the newest technologies are not secure: 55 percent of ISPs see the scale and frequency of IPv6 attacks increasing. “They are asked to deploy V6, but they don’t feel they can have security [with it],” Dr. Craig Labovitz, chief scientist for Arbor Networks, says. Today’s IPS/IDS, firewall, and other tools don’t have the proper visibility into IPv6 networks to secure them, he says. Arbor Networks released an earlier study in August 2008 which revealed negligible IPv6 usage.

The response capability of the respondents is mixed. The majority of ISPs report that they can detect DDoS attacks using tools. This year also shows significant adoption of inline mitigation infrastructure and a migration away from less discriminate techniques like blocking all customer traffic (including legitimate traffic) via routing announcements. Many ISPs also report deploying walled-garden and quarantine infrastructure to combat botnets.

Despite the tools on hand, only a few of the surveyed ISPs said they have the capability to mitigate DDoS attacks in 10 minutes or less. Even fewer providers have the infrastructure to defend against service-level attacks or this year’s reported peak of a 40-gigabit flood attack.

Even less of an emphasis is placed on finding the criminals responsible for these attacks. Arbor Networks found that ISPs have faith in law-enforcement bodies. Nearly two-thirds of respondents indicated that they do not believe law enforcement has the means to act upon the information they provide about attacks or other security incidents. “It’s hard on carriers,” said Malan. “They get paid on traffic, not to do forensic analysis. So it’s hard from their perspective to make the economics work.”

The Arbor Networks 2008 Worldwide Infrastructure Security Report describes a networked world where the growth of DDoS attacks has outpaced the ability of firms to respond to them, and where new service-level attacks driven by botnets are matching firms’ efforts to diversify their service offerings to customers. Given these facts, combined with the current economic recession, the networked world still appears to be a difficult place to do business.

 


City First in Mich for Broadband Over Powerlines

From Hometownlife.com: Grand Ledge, Michigan, is the first city in the state to get broadband over powerlines. A New York company is opening an office in the city to be the first in Michigan to offer broadband access to the Internet over power lines. The high-speed system will be available to the city’s businesses and residents in early to late spring.

The service will be offered by David Shpigler, president of the Shpigler Group, a consulting firm that specializes in advising utility companies. The company is changing directions and is becoming more of a service supplier. The launch of the technology is one of many similar business ventures around the country.  Grand Ledge was selected to be the first place to deploy broadband over powerlines technology because it is centrally located and because it is served by Consumers Energy. “This is a commercial venture. We are also considering expanding to St. Johns and then evaluating it before launching the service in the rest of the state,” Shpigler said.

“We are working with vendors to be able to have the latest and greatest technology and be able to offer the fastest speeds,” Shpigler said. BPL technology allows a broadband signal to travel on a power line and connect computers to the Internet. A customer connects to the service using a special modem inserted in an electrical outlet instead of to a telephone line or to a cable wire. The company will have a local office at 203 S. Bridge St. in downtown Grand Ledge.

The cost to residential customers is expected to be $29.99 monthly, Shpigler said. Higher speeds and additional services will also be made available to local businesses on a “built-to-suit” basis, Shpigler said. Shpigler said a name for the service has not yet been selected.

He is partnering with Consumers Energy and will play an active role in promoting Broadband Over Powerlines in Michigan. Several similar systems are in operation across the country. BPL technology is widely used in Europe.

Shpigler, who is a well-known speaker on telecommunications issues around the country, first introduced the service last November to the Grand Ledge Area Chamber of Commerce. He said future applications of BPL may include telephones, home security, medical alert, and Web hosting.


Never Say Never to Broadband over Powerline

GigaOm is reporting that LA-based utility.net, a broadband over powerline (BPL) network provider, will begin deploying BPL in the Lansing, Michigan area. The BPL rollout will be in cooperation with Consumers Energy. Consumers recently completed a pilot project with Shpigler Group which initially deployed a BPL network to 10,000 homes in and around the city of Grand Ledge, Michigan.

The first phase of the broadband over powerline deployment is expected to be operational by the end of 2007. Consumers Energy will grant utility.net additional service areas in blocks of 100,000 customers in the coming years. Within several years, utility.net expects to reach one million Michigan residents with broadband over the powerline.

utility.net will assume full responsibility for the network and business model. The company will partner with one or more Internet Service Providers (ISPs). The ISPs will manage the relationship with the end customer. Utility.net will initially offer three symmetrical broadband over powerline service levels, 768 Kbps, 1.5 Mbps, and 3 Mbps.

Consumers Energy provides electric and natural gas service to 6.5 million residents of Michigan.

 
