Exploring the science and magic of Identity and Access Management
Thursday, April 25, 2024

The Greek Tragedy: A “Zeus Trojan”

Identity, Information Security
Author: Mark Dixon
Thursday, September 30, 2010
8:49 pm

According to a CNNMoney.com article today,

“An international cybercrime ring was broken up Thursday by federal and state officials who say the alleged hackers used phony e-mails to obtain personal passwords and empty more than $3 million from U.S. bank accounts.

“The U.S. Attorney’s Office charged 37 individuals for allegedly using a malicious computer program called Zeus Trojan to hack into the bank accounts of U.S. businesses and municipal entities.”

Isn’t it interesting that this sophisticated cybercrime tool was named for Zeus, the Greek "Father of Gods and men," and the Trojan Horse, which allowed the Greeks to surreptitiously enter the city of Troy and end the Trojan War?

It is as if God and the Greeks have ganged up on the rest of us!

I’m sure God and the Greeks aren’t really conspiring against us, but the Zeus Trojan case underlines the tragic reality that bad guys are becoming extremely sophisticated in their attacks, and that the cost to us all is rapidly increasing.

Source Doc: 2010 IOUG Data Security Survey report

Information Security
Author: Mark Dixon
Thursday, September 30, 2010
8:11 pm

The 2010 Independent Oracle Users Group (IOUG) Data Security Survey Report published by Unisphere Research, a division of Information Today, Inc., and sponsored by Oracle Corporation, uncovered the following troubling findings:

  1. Fewer than 30 percent of respondents are encrypting personally identifiable information in all their databases.
  2. Close to two out of five of respondents’ organizations ship live production data out to development teams and outside parties.
  3. Three out of four organizations do not have a means to prevent privileged database users from reading or tampering with HR, financial or other business application data in their databases.
  4. In fact, two out of three respondents admit that they could not actually detect or prove that their database administrators and other privileged database users were not abusing their privileges.
  5. However, database administrators and other IT professionals aren’t the only people that can compromise data security from the inside. An end user with common desktop tools can also gain unauthorized direct access to sensitive data in the databases.
  6. Almost 64 percent indicate that they either do not monitor database activity, do so on an ad hoc basis, or don’t know if anyone is monitoring.
  7. Overall, two-thirds of companies either expect a data security incident they will have to deal with in the next 12 months, or simply don’t know what to expect.

More details in the report …


Source Doc: PwC Report – “Findings from the 2011 Global State of Information Security Survey”

Information Security
Author: Mark Dixon
Thursday, September 30, 2010
7:58 pm

The PwC document, “Findings from the 2011 Global State of Information Security Survey,” states by way of introduction, “As global economic conditions continue to fluctuate, information security hovers in the balance – caught between a new hard-won respect among executives and a painstakingly cautious funding environment.”

The report addresses five areas:

  1. Spending: A subtle but enormously meaningful shift
  2. Economic context: The leading impacts and strategies
  3. Funding and budgets: A balance between caution and optimism
  4. Capabilities and breaches: Trends too large to ignore
  5. New areas of focus: Where the emerging opportunities lie
  6. Global trends: A changing of the guard

I Busticated a Behemoth and Slew Kerberos

Information Security
Author: Mark Dixon
Monday, September 20, 2010
11:57 am

Back in July, while studying for the CISSP exam, I proposed that Kerberos (or Cerberus), the three-headed dog from Greek mythology that guards the gates of Hades, ought to be proclaimed the mascot of the CISSP exam. I furthermore suggested that Busticating a Behemoth into manageable chunks was a good approach to CISSP exam preparation.

Well, I’m pleased to report that I did it! I received official word this morning that my designation is official. I can now join the ranks of fellow professionals with the acronym “CISSP” after our names.

I don’t really feel much smarter, but I am gratified to have tackled the big challenge and prevailed.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.