U.S. federal spending to counter the growing threat of cyber attacks on government computer networks and national infrastructure is set to increase, according to research firm Input. Federal Spending On Cyber Security To Reach $11 Billion The demand for vendor furnished information security products and services by the federal government will increase from $7.9 billion in 2009 to 11.7 billion in 2014 at a compound annual growth rate of 8.1 percent, more than twice the rate of total federal IT spending. Cyber attacks on the federal government are up 300 percent since 2005, and the sophistication of these attacks is also on the rise according to Input. Cyber security is a priority for the Obama administration; and mandates, legislation, and funding are also driving the continued growth in spending. “The Obama administration is making an effort to put cybersecurity in the spotlight with some bold initiatives, such as the creation of the White House Office of Cybersecurity and the pending appointment of a U.S. Cybersecurity Coordinator, to oversee all federal information security efforts,” said Kevin Plexico, Input senior vice president of research and analysis. “But these roles have yet to be clearly defined. Facing more complex and increasing attacks, the need for a multi-pronged approach will continue to drive increased funding over a wide range of opportunities.” The top ten executive branch departments account for 65 percent of the total addressable IT security market. Federal agencies’ demand for information security services and technologies continues to present opportunities for vendors, according to Input.

View original here: 
Federal Spending On Cyber Security To Reach $11 Billion

Small business owners need to do more to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. Small Businesses Need To Improve Cybersecurity The study was co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec and surveyed nearly 1,500 small business owners in the United States about their cybersecurity policies. Only 28 percent of U.S. small businesses have formal Internet security policies and just 35 percent provide any training to employees about Internet safety and security. At the same time, 86 percent of these firms do not have anyone solely focused on information technology security. For those small businesses that do provide cybersecurity training, 63 percent provide less than 5 hours per year. The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them. “The 20 million small businesses in the U.S. are a critical part of the nation’s economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive,” said NCSA Executive Director Michael Kaiser. “To the millions of very savvy entrepreneurs across our nation, our message is simple - being smart about the online safety of your employees, business and customers is a critical part of doing business. Cybersecurity is not a nice thing to have for American businesses, it is critical to their survival.”

Here is the original:
Small Businesses Need To Improve Cybersecurity

The average attempted click fraud rate fell from 22.9 percent in Q2 to 18.6 percent in Q3, a decrease of almost 19 percent, according to a new report from Anchor Intelligence. Average Click Fraud Rate Dips In Q3 Countries with the highest attempted click fraud rates were Vietnam (30.2%), Egypt (29.6%) and Indonesia (25.5%). The majority of this traffic was the result of large-scale, coordinated click fraud rings and high velocity botnet traffic. The U.S. and Canada continued to show high attempted click fraud rates at 21.2 percent and 20.8 percent respectively, which is noteworthy since these countries account for the greater part of overall traffic volume. “While network level attempted click fraud rates have declined, the methods used to perpetrate click fraud have grown in sophistication and variety,” said Richard Sim, VP of Product Management and Marketing. “Advertisements have become an increasingly common infection vector for payloads like browser hijackers and other forms of malware. Ad networks and search engines should pay close attention to such threats as we enter the holiday season.” Based on Anchor’s analysis of data from its customers, the average invalid rate declined from 27.1 percent in Q2 to 23.2 percent in Q3. The Q3 invalid rate was made up of an 18.6 percent average attempted click fraud rate and a 4.6 percent other invalid rate.

Go here to read the rest: 
Average Click Fraud Rate Dips In Q3

Many Americans still need to focus on securing online accounts and backing up critical data, according to a new study by the National Cyber Security Alliance (NCSA) and Symantec. Americans Lacking In Online Security The majority (85%) of Americans feel they are most responsible for keeping computers secure, and 40 percent feel that individual computer users are most responsible for keeping the entire Internet secure. Only 27 percent of Americans make an electronic backup of their critical files on a weekly basis. More than 55 percent backup their files less often than once a month. Couple those findings with the fact that the use of computers to store personal data such as photos (76%), music (60%), banking information (39%) and tax returns (30%) continues to rise, computer users risk significant losses of valuable information. Passwords are another area where computer users need to improve security. The study found that less than 25 percent of those polled change passwords quarterly and more than 50 percent of Americans never change them. In addition, 40 percent don’t use different passwords for their various online accounts. The NCSA recommends the use of long, complex passwords that include upper and lower case letters, numbers and symbols. In addition to prevent hackers from accessing multiple accounts, computer users should have different passwords for every account and change passwords at least once every 90 days. “The fact that 85 percent of Americans believe they are most responsible for their own online security is a significant sign that awareness efforts are paying off and each one of us understands the important role we play in securing the Internet,” said NCSA Executive Director Michael Kaiser. “However, cybersecurity requires vigilance, maintenance and contingency planning every day of the year. Complex passwords and backing up are critical. Americans are doing better; they need to do better still and integrate cybersecurity into their lives until it’s second nature.”

Read the original post: 
Americans Lacking In Online Security

It might - at least for the sake of a thought exercise - be time to once again decide where you come down on the freedom versus safety debate. The CEO of Kaspersky Lab seems to feel strongly that, for the sake of security, we should do away with online privacy and give all individuals a form of online ID. Kaspersky CEO Calls For Internet Passports, Police Eugene Kaspersky told Vivian Yeo , “I’d like to change the design of the Internet by introducing regulation - Internet passports, Internet police and international agreement-about following Internet standards. And if some countries don’t agree with or don’t pay attention to the agreement, just cut them off.” This drastic move would almost certainly have an effect on the prevalence of malware and spam. After all, existing forms of identification (like IP addresses) can be useless since any random person can sit down in front of a computer for a few minutes. It would be helpful to know for certain who’s doing what. Still, more than a few heads have been turned due to the threat Kaspersky’s idea poses to privacy. Many people don’t want the police to track their movements in the physical world, and feel the same way about their online activity. Those people will be happy to know Kaspersky himself doesn’t see his concept becoming a reality. The cost and difficulty of negotiating an international agreement would probably be prohibitive in the extreme.

More here: 
Kaspersky CEO Calls For Internet Passports, Police

Google Voice users (along with everyone who isn’t yet a user, but might be once more invites become available) shouldn’t worry that all of their voicemails will be made searchable. Google issued a statement last night to answer some security- and privacy-related questions. Google Voice’s Security/Privacy Verified Google Voice is, in case you didn’t know, a nifty service that lets users receive all sorts of calls through a single number for free. Tons of other features are built in, too, including the ability to record voicemails and make them available online. This occurs as Google sends the account owners special links. Unfortunately, a few of the links recently appeared in search results, leading people to believe that there was some sort of security problem or privacy breach. But a post on the Google Voice Blog explained, “[I]f a user copied that unique URL from their email notification, and published it on a public website, then typical search engines, including Google, could have indexed it.” And now even that’s out of the question. “[W]e decided that even if a user chose to include this unique URL in a public website, it would remain unsearchable,” the post continued. “If you want to publicize a Google Voice message on your website, we provide a special embed code for this purpose. Visitors will then be able to listen to that particular message, but the message itself will remain unsearchable.” So use Google Voice (or look forward to using it) as you did before the hubbub. Security’s not an issue, and the service’s privacy standards are higher than ever.

Excerpt from:
Google Voice’s Security/Privacy Verified