Cobweb

Thanks to MessageLabs for the following content, quoted from their Intelligence Reports

http://www.messagelabs.co.uk/intelligence.aspx

The term “whaling” was first used in 2007 to describe the highly targeted phishing-style attacks against senior executives around the world across a range of organizations. Unlike more random attacks, these are more like surgical strikes, intent on stealing intellectual property or confidential information, and by the time the victim is aware of the attack, it is too late.

Although these attacks aren’t as prevalent as traditional virus outbreaks, they are however increasing in numbers. Since early 2007, MessageLabs has intercepted around ten targeted attack attempts daily, an increase from one per day one year ago, and two per week two years ago. In the early examples from 2005, the main targets were multinational industries, but this is no longer the case; many such attacks now are equally levied against small-to-medium sized businesses too.

The first major whaling attack in 2007 occurred on June 26 when MessageLabs intercepted 512 emails with a Microsoft Word document attached, which contained an embedded spying trojan. All of the emails targeted senior executives across a number of organizations in many countries. So precise were these attacks that the subject line of the email included the recipient’s name and job title.

The next significant wave appeared in September with MessageLabs intercepting 1,100 individual email attacks from the same criminal gang responsible for the June outburst. This series of attacks purported to be from an employment service regarding a prospective employee and included the target’s company name within the subject line. Again, the emails were targeted towards C-level executives and senior management, including repeated attacks at the same company through different C-level entry points.

As my regular readers will know (both of you) I am doing my MBA at the moment and one of the areas I've come to is strategic data analysis. So, I thought long and hard about what I should cover in this area and suddenly had a brainwave! Why not do something that I can use for both University and my role here, then I give value to both workplace and University. That way I can do things on it during work time without feeling guilty too! Result!

So, what is it I want to analyse I hear you ask, well it's funny you should say that as I was just about to tell you. The area I've decided to cover is the importance of Data Security within a company. Obviously to a company like us it's critical as we manage so much of it for so many other people but what's it like for smaller companies who have less money to spend on this area, whats it like for a larger company and what sorts of budgets would they invest to ensure the data is safe, it can't be open ended. Can it?

The questions I'm looking to answer are as follows:-

• How important is data security to companies? Low / Medium / High / Critical?
• Are there markets that require data security more than others? If so, which?
• What price protecting customer data? As a % of spend how do the small compare to the large?
• How many data security breaches are there a year? Is there one area that is worse than others?

Those are some of the areas I've come up with so far as they will be areas of interest. Here's the bit where I say if there's anyone out there who can help me with this then hear my cry, HELP!

If you can't help but would still be interested in any data I do manage to collate then let me know and I'll send it on to you once it has been collected. (Obviously not compromising any data protection!)

As they used to say in Hill Street Blues.....lets be careful out there.

Mark