In my nearly 20 years in IT Security I have seen some strange things — but this takes the cake. When I saw the coverage that the ISS (International Space Station) had been infected with malware I had to laugh. Malware in space!? Is this a bad sci-fi movie? My laughter isn’t driven by anything other than my deep frustration and personal experience with helping customers with these very real issues. Malware has a quantifiable economic and social impact and it begs addressing everywhere, even in space. =P Here are a few interesting and thought provoking security stats to be mindful of:
According to the FBI Computer Crime Survey 2005 –
- Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year’s time; 20% of them indicated they had experienced 20 or more attacks.
- Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.
- Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.
According to a study from TrendMicro –
- It is estimated that PC Viruses cost businesses approximately $55 Billion in damages in 2003.
According to Anti-malware vendor Panda Labs –
- Approximately 11 percent of computers around the world are part of these botnets, and they are responsible for 85 percent of all spam sent.
So the costs and impacts are very real and especially at a place like NASA where the research I am sure is quite sensitive. What could they have done better? Well, in this case NASA should have been looking to make some clear improvements such as:
- Further locked down desktop configuration
- Proactive patch management + centrally managed anti-malware solution
- Least privilege
- Content filtering or UTM device
- End user security training
- Comprehensive security review
- Etc, etc.
The article states, “NASA also said in Friday’s report that all laptops on board the ISS were being loaded with anti-virus software.” Lol! (Laugh in utter frustration) Yeah, that might be a good idea! =P