Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. The purpose of this benchmark study was twofold. First, Ponemon, in partnership with ArcSight, wanted to quantify the economic impact of a cyber attack. Second, Ponemon believed a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the institute, in an interview with USA Today.

The study also found:

- The most costly cybercrimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cybercrime costs per organization on an annual basis.

- Cyberattacks took 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.

The release of the study coincided with the Black Hat Conference happening this week in Las Vegas.

As our readers know, the editorial staff of the ITAC blog is always on the look out for trends, stories of the unusual, and of course, the best and worst folks in identity theft. Well, after hours of dedicated research, we have come to one conclusion: our beloved corporate America is under attack by hackers and thieves. And, we will tell you why.

Yesterday, electronics and electrical engineering titan Siemens has identified a new virus that, according to security experts, seems to be targeting the systems of manufacturing and utility companies. IDG News Service reported that the apparent purpose of the highly sophisticated virus is to steal top-secret and competitive information. This is straight our of the 2009 movie “Duplicity” where two corporations battle it out via spying only to get duped by two competitive corporate spies (Julia Roberts and Clive Owen) who are in cahoots. Life does imitates art.

While the virus identified by Siemens is shall we say “higher in the virus food chain,” a new form of corporate fraud is emerging where bad guys forge false business identities to make fraudulent purchases. Colorado’s Secretary of State and other officials are warning the state’s 800,000 or so registered businesses to watch out for these types of scammers who are making fraudulent purchases from several big-box retailers. So far, at least 35 businesses in the state have had their corporate identities misused to open fraudulent credit accounts at retailers such as Home Depot, Lowe’s, Office Depot, Apple and Dell.

Why do the bad guys target corporate America? Yes, this is a rhetorical question. Corporate America is both loved and hated and is the machine that has a great big bulls eye on its back. And, this bulls eye keeps getting bigger and bigger.

What do you all think about this bill? It certainly gives the administration some strong power over the Internet. And, since the Internet economy is such a vast thing, we are surprised that many other organizations and business groups aren’t making a fuss over this bill. The one shining light in this bill is that it will cause the Obama administration to speed up its cybersecurity plan – which certainly needs a kick in the pants these days.

On Saturday, some bad guys posted a message about T-Mobile saying that had completed a massive breach and have been unsuccessful in selling the data to a T-Mobile competitor.    No word yet from T-Mobile as to whether the breach actually happened.  The word on the streets is that Full Disclosure contains posts and information from wanna-be hackers who make fales claims about breaches they had completed.  We will be tracking this one.  So, stay tuned!

While we appreciate the full disclosure of how these new “modernized” systems can cause vulnerabilities, why would you bring this out in a public forum?? Surely, the bad guys read news online. I’m sure many are thanking the Department of Transportation right now, and are sharpening their knives as we speak. Perhaps the move was to raise the issue up, and bring about more funding opportunities for FAA to implement better security measures?  If this is the case, why do it via public relations??

We welcome all thoughts and feedback on this!

While we have certainly tried to raise our voice about this issue, there are leading industry experts who are using even stronger language to describe our nation’s current cyber security efforts. For example, Alan Paller from the SANS Institute told BBC news that the government’s cyber defenses were “embarrassing.” Meanwhile, RSA Chief Strategist Tim Mather also said this:

“I think we are seeing a real breaking point in security with consumers, business and even government saying enough, no more. Let’s rethink how we do this because the system is broken.”

The sheer bluntness these gentlemen have bestowed upon us, while refreshing as it is, actually underscores the seriousness of these issues. The more strong language we hear from industry the more likely things will move in the right direction. What do you think?