Sign In Register
5G
6G
Broadband
The Core
The Edge
Open RAN
Private Networks
The Cloud
Security
AI/Automation
Cable Tech
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS/CX
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
Satellite
Video/Media
Regions
Asia Africa Europe India Middle East
Industry Show News
MWC Resource Center Big 5G Event
Events
Optical Networking Digital SymposiumLeading Lights 2022Transforming the Cable HFC Network Breakfast Event at SCTE Cable-Tec ExpoEdge Computing Digital SymposiumConverging the HFC & 5G Networks
Events Archives
Digital Event Archives Cable Next-Gen Europe 5G Orchestration & Service Assurance Digital Symposium Big 5G Event
Microsites
5G Testing Resource Center
White Papers
Leaders In:
Leaders In Pluggable Optics Leaders In – Cloud Leaders In 5G Orchestration
Market Leader Programs
5G Transport: A 2021 Heavy Reading Survey The Journey to Cloud Native Coherent Optics at 400G, 800G, and Beyond 2021 Heavy Reading Open RAN Operator Survey
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
Optical/IP Networks

Verizon: Hackers Still Using Old Tricks

News Analysis Carol Wilson, Editor-at-large 4/19/2011
Comment (7)
Hackers and mobsters aren't innovating to steal more data and crack into more networks, because they don't have to -- there is still low-hanging fruit to be harvested in the data security orchard, according to the "2011 Verizon Data Breach Investigations Report."

"We are not seeing James Bond or Star Trek type attacks or anything we haven't seen before," says Dave Ostertag, Verizon Enterprise Solutions global investigations manager. "The bad guys are using the same techniques as five to eight years ago."

The report found an astounding increase in the number of data breaches reported, but a decline in the amount of data stolen. Just over 760 data breaches were reported in 2010, compared to 900 total in the six previous years. But only 4 million records were compromised -- that's a lot, but a lot less than the 144 million compromised in 2009.

That seeming disconnect is the result of a couple of trends: Security systems are protecting large-scale data networking operations, driving the bad guys to go after smaller, unprotected operations such as mom-and-pop retailers. And a growing amount of what's being stolen today is intellectual property that can be used to damage a business, but isn't measured in number of data records.

"That kind of data theft involves only one buyer -- someone who can use information about business processes, corporate earnings or some other intellectual property to damage a business," Ostertag says.

Other notable trends:

  • The "inside" job isn't: More than 90 percent of attacks were by outside sources.
  • There is growing physical theft, much of it by device, such as those put on ATMs or gas pump credit cards. That kind of breach doubled in 2010 and is tied to organized crime.
  • Businesses still need to do the basics, like strengthening and changing passwords, limiting and controlling "privileged" users, actually studying event logs for anomalies and paying closer attention to physical access points.

    Why this matters
    Verizon's annual report gives enterprises a road map for how to spend their limited corporate dollars to reduce vulnerability to security breaches, based on what current attacks look like. Ostertag also used the report to warn enterprises that a new cycle of large-scale attacks -- those designed to capture a large volume of credit card numbers or other monetizable data -- may start soon, and the industry needs to be prepared.

    For more
    Managed security remains a sweet spot for service providers. Here's a look at some recent announcements in this realm:

  • BT Launches Managed, Secured Messaging
  • XO Lands Cloud Security Partner
  • Bad Economy Good for Managed Services Sales
  • Verizon Aims for 'Everything as a Service'
  • MegaPath Chases Managed Security
  • Cox Enhances HSD for SMBs
  • Developers Get Choosy About Mobile App Platforms — Carol Wilson, Chief Editor, Events, Light Reading

    • COMMENTS
    Newest First | Oldest First | Threaded View
    Add Comment
    jepbjr 12/5/2012 | 5:07:12 PM
    re: Verizon: Hackers Still Using Old Tricks

    Managed security services are a great idea for carrier service offerings, but the carrier networks themselves are generally shockingly unprotected.  Default passwords left open on network nodes, no centralized logging of NE command interaction, and no centralized administration of user privileges, password aging, or contractor access are not the exception -- they're the rule. 
    Reply | Post Message | MESSAGES LIST | START A BOARD
    DCITDave 12/5/2012 | 5:07:07 PM
    re: Verizon: Hackers Still Using Old Tricks

    The survey results raise a question: If hacker moves haven't changed in five years, why invest in more sophisticated security/protection systems?
    Reply | Post Message | MESSAGES LIST | START A BOARD
    paolo.franzoi 12/5/2012 | 5:06:57 PM
    re: Verizon: Hackers Still Using Old Tricks

     


    So, the reason that the hackers are not morphing?  Their current attacks work great!


    What we are seeing in the Spam business anyway is steady state on the spam but a huge rise in Phishing and Malware campaigns.  These are the much more sophisticated attacks.  I am surprised that Verizon did not note the rise in drive by malware attacks (attacks that can happen even if you don't click the link).


    The issue with the more sophisticated security systems is really time to response.  Does your vendor have a way of stopping a specific attack soon after it starts?


    As to the managed security business (since I am in it), the best way to look at it is IT outsourcing.  Instead of having your IT folks have to have deep knowledge in all kinds of equipment are there vendors out there willing to manage equipment so that your IT folks don't have to.


     


    seven


     
    Reply | Post Message | MESSAGES LIST | START A BOARD
    DCITDave 12/5/2012 | 5:06:57 PM
    re: Verizon: Hackers Still Using Old Tricks

    Do you think the expertise in IT security outsourcing should break down around network expertise or equipment expertise?


    If a business were choosing between Verizon and, say, a security management specialist, what would be the biggest argument for the specialist?
    Reply | Post Message | MESSAGES LIST | START A BOARD
    paolo.franzoi 12/5/2012 | 5:06:56 PM
    re: Verizon: Hackers Still Using Old Tricks

     


    Well, I can't imagine Verizon being an expert more than an IT department.  We recommend us as the experts on our product. :)


    The "cloud" model with security is often what is being discussed in this area.  Carriers sometimes resell 3rd party services (well that is what our carrier customers often do).  They can offer them directly as well.


    It's funny the network expertise I see is really minimal.  The network stuff from our standpoint is guys who know a lot about routers and firewalls.  Customers often know very little about them and have difficulty dealing with them.  The classic network expertise means very little.  Its an Internet connection or its an Internet connection or its an Internet connection.  The things carriers care about in building networks are basically of little to no value to guys who just want an Ethernet Jack with an Internet Pipe attached to it. 


    What I have not seen is a carrier wanting to take over and manage my internal network with its VPNs (and yes there are multiple of them).  Now THAT would be a service people would pay for.  Bring the network to the desktop and toss out basically the network staff in the IT department.


    seven


     
    Reply | Post Message | MESSAGES LIST | START A BOARD
    desiEngineer 12/5/2012 | 5:06:56 PM
    re: Verizon: Hackers Still Using Old Tricks

    seven,


    I don't think providers have that quality of staff.  I think that security is inherently a much harder problem than network connectivity.  Network connectivity can be taught from a book for dummies, a trade school, etc.


    Network security should only be managed by a paranoiac.  If service providers want to sell managed network security, they need to hire people like that.


    And there aren't enough paranoid networkers to go around, so managed network security could really take off, provided SPs think along those lines.


    -desi
    Reply | Post Message | MESSAGES LIST | START A BOARD
    paolo.franzoi 12/5/2012 | 5:06:54 PM
    re: Verizon: Hackers Still Using Old Tricks

    desi,


    I am not trying to say what SPs staff can and can't do.  I know we have SPs that resell our security services to customers.  So, they can at least do that.  As to outsourcing the Geek Squad stuff, at least that makes some sense to bring across the networking expertise.


    seven


     
    Reply | Post Message | MESSAGES LIST | START A BOARD
    EDUCATIONAL RESOURCES
    FEATURED VIDEO
    UPCOMING LIVE EVENTS
    Optical Networking Digital Symposium
    September 13-15, 2022, Digital Symposium
    Leading Lights 2022
    September 13, 2022,
    Edge Computing Digital Symposium
    September 20-22, 2022, Digital Symposium
    Transforming the Cable HFC Network Breakfast Event at SCTE Cable-Tec Expo
    September 20, 2022, Breakfast Event
    Converging the HFC & 5G Networks
    September 21, 2022, Breakfast Event
    The Programmable Telco Digital Symposium
    October 4-6, 2022, Two Day Digital Symposium
    Open RAN Digital Symposium
    October 18-20, 2022, Digital Symposium
    All Upcoming Live Events
    UPCOMING WEBINARS
    August 18, 2022 SCTE® LiveLearning for Professionals Webinar™ Series: Closing the Rural Digital Divide
    August 23, 2022 A year of surveys – what did we learn?
    August 23, 2022 Service Provider AI Survey 2022 Results: Accelerating AI Deployment in Data Centers and Mobile Networks
    August 25, 2022 Techno-Economic Analysis for Automating your Data Center with Apstra
    August 30, 2022 Enable sustainable business growth with Cloud Metro
    August 31, 2022 Taking your subscribers to gigabit and beyond
    September 6, 2022 4.9G and 5G Private Wireless Networks Accelerating Digital Transformation Across Industries
    Webinar Archive
    PARTNER PERSPECTIVES - content from our sponsors
    Early Adopters of 5G SA Save 36% in TCO and Gain Competitive Advantages By Mavenir
    A Forum in Philly Explores the Cable Industry’s Future By Chris Bastian, CableLabs
    Carriers Cloud Transformation Drives New Growth By Kerry Doyle
    Omdia Report: Huawei Leads the Global 400G WDM Market By Huawei
    5G-Advanced Takes Off, Opening a New Chapter for 5G Globally By C114
    All Partner Perspectives
    GUEST PERSPECTIVES - curated contributions
    AT&T fiber: On track to cover more than 30M locations by the end of 2025 By Chris Sambar, EVP, AT&T Network
    Stepping back for a fresh look at the 5G Edge By Jon Baldry, Marketing Director, Metro Business Unit, Infinera
    All Guest Perspectives
    HOME
    Sign In
    SEARCH
    CLOSE
    MORE
    CLOSE