Top 10 Cybersecurity Predictions & Outcomes for 2012

White Paper, NetClarity, Inc.

Network Security Industry Veteran Predicts Threats and Risks for 2012…and takes a closer look at his predictions midway through the year.

Copyright © 2012, NetClarity, Inc. All rights reserved worldwide. Patents issued and pending.

Introduction

In December of 2011, NetClarity’s Founder & CTO made ten major predictions about the coming wave of cybercrime and cyberwar threats and exploitation. In this whitepaper, we will explore these predictions and see what the outcomes have been, so far, as we are mid-way through 2012. Here is a summary of the predictions:

1. Smaller to Medium Sized (SMB) Organizations will be the #1 Target for Cybercriminals. The effects on their businesses will be huge – causing numerous SMBs to go out of business.

2. Cloud Computing and Virtual Machines (VM) will continue to be targeted by cybercriminals and cyberterrorists resulting in VM malware and Cloud ‘downtime’ and Cloud ‘data theft’.

3. New and Innovative Attacks will continue to grow against Critical Infrastructure by Rogue and Competitive Nations.

4. Early firewall and antivirus products for Cellular phones will continue to be developed, deployed and easily circumvented throughout the year due to social engineering weaknesses of end-users and new, easily exploitable vulnerabilities in these devices.

5. Exponential growth of Bring Your Own Devices (BYOD) will become a top priority in government and organizations of all shapes and sizes.

6. Stuxnet was just the beginning; as anti-virus vendors begin to catch up, new, more malicious and innovative zero-day malware will arrive.

7. Next Generation Firewalls will start to replace older deep packet inspection NAT-based firewalls, with a focus on USER and APPLICATION layer defenses.

8. Strategically targeted social engineering coupled with eavesdropping, keylogging and covert VPN malware will become the top means for exploiting larger targeted organizations, and there will be at least ½ dozen very significant breaches that make headlines, while many more actually occur.

9. Growing Privacy Right Violations by Governments and their Contractors in the name of Cyber Defense will take place, even if SOPA and other Internet censorship laws don’t pass. The Anonymous hacking group will take tremendous advantage of this situation to wreak havoc against media, business and government organizations.

10. Next Generation Network Access Control to solve internal security, BYOD and internal risk management issues will be a requirement in most organizations this year.

Prediction #1 Smaller to Medium Sized (SMB) Organizations will be the #1 Target for Cybercriminals. The effects on their businesses will be huge – causing numerous SMBs to go out of business, as a result.

Outcome #1 If you take the time to visit PrivacyRights.org and DataLossDB.org you will see how this prediction has come true and continues to come true. Most cybercriminal attacks are focused on smaller to medium size (SMB) organizations. The main reason is that it is traditionally easier to exploit a smaller organization that doesn’t have the INFOSEC staff or tools to preempt such an attack. In addition, cyber criminals don’t want to get caught and don’t want to be targeted by the US Secret Service, US Department of Justice, the FBI, Police and/or Interpol. By exploiting a smaller enterprise and stealing a smaller amount of Personally Identifiable Information (PII), the criminals stay off the radar. Finally, smaller organizations either won’t report the breach or, if they do report it, it may also be in conjunction with VISA or other organizations noting the breach and then shutting down their ability to take credit cards and transact business.

Prediction #2 Cloud Computing and Virtual Machines (VM) will continue to be targeted by cybercriminals and cyberterrorists resulting in VM malware and Cloud ‘downtime’ and Cloud ‘data theft’.

Outcome #2 In the case of Cloud Computing, the threats we have seen this year include:

Malicious insiders with access to the virtual machines, servers and services that are hosting the Cloud service. Without proper physical/logical/network security and strong policies that include background screening of individuals, you may have someone gaining access to your Cloud service that holds the ‘keys to the castle’ and also has an agenda of theft and greed.

Virtual Computing Exploits are new forms of malware (botnets, viruses, worms, spyware, Trojans, zombies, etc.) that take advantage of Hypervisor flaws and other holes in the VM host operating system.

Application Layer Exploits are traditional attacks against known holes. These known holes are called CVEs and I explain what they are below.

Because Cloud Computing is taking off, it’s opened the door to new and innovative exploits. Now, let’s explore some of the latest ways cyber criminals and cyber terrorists are exploiting the Cloud:

Cloud Infrastructure as a Service (IaaS) providers are open to abuse through weak, insecure registration processes, where anyone with a valid credit card can register to immediately begin using cloud services. Anyone can obtain an anonymous funded Debit/Credit card by going to a local mall or over the Internet and funding the card. Then, by abusing the anonymity of the registrations, cyber criminals can host old and new “zero-day” malware exploits. Cloud providers need to provide strict and validated registration processes. In addition, they should be able to blacklist abusers, tracking remote ISP, router, IP address, MAC address and other information to ‘fingerprint’ the criminals and block their abuse.

Some of the top Public Cloud providers also offer Application Programmer Interfaces (APIs), written from a ‘trust’ perspective, not a paranoid security model. Without strong encryption, validation, authentication and access control, these APIs will be exploited to gain access or control over critical ‘admin’ Cloud functions.

With VMs taking off, there are more and more Common Vulnerabilities and Exposures that require detection, analysis, review, reporting and remediation. This means you have to work with your VM provider – for example, Microsoft or VMware – to make sure they are writing SECURITY FIXES, not just more patches that open more holes.

Some of the more serious cyber criminals will use numerous methods such as traditional Phishing attacks and more sophisticated combinations of Malware exploits through social engineering, e.g., knowing Jane is in the payroll department, sending an email to her: “Jane, here’s the spreadsheet I promised you….see attached PAYROLL.xls.” In this scenario, PAYROLL.xls is a custom malware attack that installs keyloggers watching for Jane’s access to QuickBooksOnline.com to gain access to her credentials on this Cloud service. It’s important to train your employees to be more cautious about opening email attachments. In addition, it’s strongly recommended to run a HIPS engine like Threatfire or Prevx in conjunction with sophisticated firewalls like Comodo or ZoneAlarm, which should catch and block the keylogging and data leakage. I’m also a proponent of three factor authentication. If you can’t get that far, go for at least two factor authentication as required access to your Private Cloud service or by your employees to those that provide you with Public Cloud services.

Common Vulnerabilities and Exposures (CVEs – see http://nvd.nist.gov and http://cve.mitre.org) in popular applications such as web-servers, database-servers, file-sharing servers, etc. can be exploited remotely. These holes are commonly known and documented by the software companies that make these applications, but usually, only after they have been exploited and this information has been shared with MITRE’s CVE program and the National Vulnerability Database (NVD). If you find yourself or your Cloud Service provider to be running any flavors of these vulnerable applications, you’ll need to audit these systems for these flaws and harden them.

In the Cloud Computing environment, your assets at risk start at the core – the storage media that houses your confidential data, customer records, transactional data and any other information that could cause a Personally Identifiable Information (PII) breach. Working your way out from the core, you have the physical location where this information is stored. If it’s in a Public Cloud, you have no control over this storage process so you must add a layer of encryption to protect the data. If there are malicious insiders or cyber criminals hacking your vulnerabilities, having encrypted the information at the ‘abstracted’ storage layer and in transport would make it difficult for these folks to steal the PII. So, encryption of data is crucial to protection against exploitation. In addition, you always want to know what real or virtual devices are running or connected to your Public and/or Private Clouds. You should also have intrusion defense solutions in place to defend against unwarranted access or virtual machines running that are attempting to steal data through cross-virtual-machine exploits. Hardening your VM assets in the Cloud is as important as it is in your corporate LAN.

Prediction #3 New and Innovative Attacks will continue to grow against Critical Infrastructure by Rogue and Competitive Nations.

Outcome #3 The dawn of the Computer Age brought with it the potential danger of sabotage by hackers, experts in the inner workings of computers, who take control of the system to steal information or even to cause damage. The mysterious Stuxnet Worm was able to target Iran's Uranium enrichment facilities, and other cyber-attacks have taken control of water control plants in the United States. Government agencies like the Pentagon have been invaded by these unknown experts, and major businesses have had their sensitive information stolen. The potential is great for severe terrorist attacks against financial institutions, utilities, or even military operations.

On June 6, 2012, at a cybersecurity conference at Tel Aviv University, Israeli Defense Minister Ehud Barak and Eugene Kaspersky, CEO of Russian information security firm Kaspersky Lab, which recently discovered the Flame virus, spoke about the current state of cyberterrorism and what needs to be done in the future. Kaspersky said that current trends could have far-reaching repercussions. "It's not cyberwar, it's cyberterrorism and I'm afraid it's just the beginning of the game ... I'm afraid it will be the end of the world as we know it," Kaspersky told reporters at the conference. In a Q & A session, Kaspersky was asked whether Israel was part of the solution or part of the problem regarding cyberwar. He answered, "Both."

Recently, on July 25, 2012, speaking about the risk of a major cyber-attack, Connecticut US Senator Joe Lieberman said, “The threat is extremely dire. I am literally worried that an attack could be imminent.” Lieberman, who is chairman of the Senate Homeland Security Committee, introduced a revised version of the Cybersecurity Act of 2012 with changes requested by other legislators to limit government regulation and provide incentives to utilities, financial networks and others to improve their Internet security. He said: “Leon Panetta the Secretary of Defense has said that he’s convinced that the next Pearl Harbor like attack on America will be launched from cyber space and there’s some countries out there who are prepared and have the capability to do it now.” (Source: NewsMax)

Prediction #4 Early firewall and antivirus products for Cellular phones will continue to be developed, deployed and easily circumvented throughout the year due to social engineering weaknesses of end-users and new, easily exploitable vulnerabilities in these devices.

Outcome #4 As more Internet connectivity comes from mobile devices, such as mobile phones and tablets, mobile security is becoming more and more important. While real applications from Comodo, Kaspersky and others have been developed for these new platforms, including the Apple iOS used in the iPhones and the Android OS (Linux variant) used in the Droid phones, they can be circumvented by rootkitting (taking admin control of the hardware) as well as by CVE (Common Vulnerabilities and Exposures) exploitation. In addition, because Apple, for example, won’t allow folks like Comodo to ‘own’ the device to the root level, it’s easier for a rootkit to take over. Unlike the open PC platform, where any good anti-virus and firewall vendor can write drivers from the BIOS level up to the kernel and other areas, it’s a little tougher on these devices when companies like Apple won’t allow it and will remove your security program from their online store for violating their rules.

By June, 2012, fake Android antivirus applications were released and downloaded. They were likely linked to the Zeus Banking Trojan. “A recently discovered fake Android security application is most likely a mobile component of the Zeus banking malware,” security researchers from antivirus firm Kaspersky Lab said. Called Android Security Suite Premium, the rogue application is capable of stealing SMS messages and uploading them to a remote server. When launched, the application displays a shield image that has long been associated with Windows fake antivirus programs, also known as FakeAV or scareware.

One anti-virus vendor recently discovered an online e-commerce site for the Android which offers dozens of allegedly legitimate AV applications from a variety of well-established security companies, but unfortunately all the files are of the same size (186.4kb) and the same nature: they belong to the Boxer family of premium rate SMS senders.

Another recent example is ZitMo (Zeus in the Mobile): malicious mobile applications that are used by cybercriminals in conjunction with the Zeus computer Trojan in order to steal money from online banking accounts. Their purpose is to steal mobile transaction authorization numbers (mTANs) sent by banks to their customers via SMS messages. Without mTANs, fraudsters wouldn't be able to authorize transactions initiated with stolen credentials.

There are currently 201 CVEs (holes) returned by the query “Android” at the National Vulnerability Database (see http://nvd.nist.gov) and 128 CVEs for the query “Apple iPhone”. This is a significant number of exploitable holes, most of which have been discovered this year.

Prediction #5 Exponential growth of Bring Your Own Devices (BYOD) will become a top priority in government and organizations of all shapes and sizes.

Outcome #5 Because of the cost savings, convenience, increased employee satisfaction and productivity, BYOD has become a top priority this year. In 2012, Gartner Research stated that “Consumerization is an unstoppable trend, and most organizations need to demonstrate flexibility and allow employees to use their personal devices for work. But, they also need to establish limits and not permit every device, every operating system and every configuration. Although approaches such as server-based computing and virtualization will also be used to deal with consumerization, NAC provides the flexibility that enterprises need in a BYOD environment, while providing the controls that enable network and security managers to retain control over the network.” While BYOD (personal devices) are pervasive, they have added a new level of significant risk to all organizations. While we must allow this to happen, we need to control our networks, manage our risks and comply with regulations. Managing the BYOD dilemma has become a top priority this year.

Prediction #6 Stuxnet was just the beginning; as anti-virus vendors begin to catch up, new, more malicious and innovative zero-day malware will arrive.

Outcome #6 There have been billions of dollars in damages caused by exploiters on the Internet and this problem has not been resolved. These exploiters are intelligent cyber terrorists, criminals and hackers who have a plethora of tools available in their war chest, ranging from spyware, rootkits, Trojans, viruses, worms, zombies and botnets to various other blended threats. From old ‘viruses’ to these new ‘botnets’, we can categorize them all as “malware.” While McAfee claims they have over 60,000,000 samples of malware in their database, they are unable to capture over 30% of new malware according to independent lab test results, conducted over 7 months, with the results being distributed upon completion in June, 2012 by Virus Bulletin test labs (see http://www.virusbtn.com). This is not to pick on any one anti-virus vendor; the problem has outpaced their ability to provide a solution. Also, in recent reports by AV-Test.org (see: http://www.av-test.org) and Anti-phishing.org (see: http://www.antiphishing.org), where millions of computers running traditional anti-virus software were scanned for malware using multiple tools, more than half of these systems had ‘live’ malware infections.

New “zero-day” malware (0-day) and Advanced Persistent Threats (APTs) operate in ways that do not appear to be malicious so that traditional anti-virus scanners are unable to detect them. Some of the more advanced heuristics systems such as Comodo’s Host-based Intrusion Prevention (HIPS) firewall, Prevx and Threatfire are able to detect some but not all of these infections. Unless all computing devices are ‘battleship hardened’, with their CVEs removed, are locked down and operate using a safe-list or ‘white list’ of trusted applications, ports and protocols, there’s really no way to stop this growing trend. This, of course, is impractical for all computers, but it could be implemented on a case-by-case basis in government, business and other organization networks, though it would require a serious, dedicated, consistent effort.

Prediction #7 Next Generation Firewalls will start to replace older deep packet inspection NAT-based firewalls, with a focus on USER and APPLICATION layer defenses. The bigger name firewalls will get phased out if they don’t innovate or acquire these novel solutions.

Outcome #7 Firewalls are generally the first line of defense against untrusted networks (such as the Internet or connections to business partners). They limit the attack aperture for vulnerable PCs, servers and other infrastructure elements. Firewalls long ago became a "check the box" requirement in most compliance regimes for securing trust boundaries. Throughout the years, firewalls have continued to evolve to add deeper and more flexible inspection and enforcement capabilities as threats advanced, and to run at faster and faster throughput rates as network speeds increased.

Just take a look at the magic quadrant that Gartner released in January, 2012:

More and more customers are considering the Palo Alto Networks firewall and Check Point’s Next Generation (NG) firewall while other major firewall vendors look to adapt and redesign their old-fashioned technology. These newer firewalls are designed to focus on USER and APPLICATION layers of security.

Prediction #8 Strategically targeted social engineering coupled with eavesdropping, keylogging and covert VPN malware will become the top means for exploiting larger targeted organizations, and there will be at least ½ dozen very significant breaches that make headlines, while many more actually occur.

Outcome #8 According to the Privacy Rights Clearinghouse (see http://www.privacyrights.org), during the first half of 2012 we have seen 266 breaches that affect more than 18.5 million records. Dark Reading pored through the records and picked a breach for each month of 2012 (so far) as the most important exposures to learn from. Here are the ½ dozen significant breaches that have occurred as predicted (Source: Dark Reading and Privacy Rights Clearinghouse):

Zappos

Time of Disclosure: January 2012

Records Breached: 24 million records, including names, email addresses, phone numbers, last four digits of credit card numbers, and encrypted passwords

Incident: A hacker gained access through a Zappos server into the company's internal network to snag personal information that could be used to phish Zappos customers.

Lessons Learned: While there may be no such thing as a good breach, many experts believe Zappos stands as a role model in reducing risk factors following a breach. For one, the encryption the company used for its passwords passed muster. Second, the company clearly had an incident response and notification plan in place and used it. In an era where it is not a question of if but when a breach will hit, these are two huge factors to consider.

University of North Carolina

Time of Disclosure: February 2012

Records Breached: 350,000 records

Incident: Two separate incidents, one going back a decade, exposed Social Security numbers and financial information online.

Lessons Learned: System misconfigurations caused back-end university systems to be exposed on the Internet for public consumption. This is an increasingly familiar breach scenario these days, as organizations struggle to keep access control configurations in check so that database information is made available to the people who need it without being opened up to the world at large. Setting systems configurations is not sexy work, but it is critical.

Global Payment Systems

Time of Disclosure: March 2012

Records Breached: 7 million consumer records, including 1.5 million credit cards

Incident: The credit card processor found in March that 1.5 million credit card records had been exported from its North American processing system. In its investigation, it most recently found that a database of new and past processing applicants had also been hit.

Lessons Learned: Without a doubt the most impactful breach of the year so far, this massive exposure offers a valuable lesson in the folly of point-in-time, check-box compliance. Hackers don't care whether your organization has been rubber-stamped by an auditor who sees the company is compliant on the day he or she signs the papers. Neither do regulatory bodies -- if you're breached, you're out of compliance. In the case of Global Payments, it has been delisted by the card companies as a company meeting its security standards until it can prove it is back in compliance.

South Carolina Health and Human Services

Time of Disclosure: April 2012

Records Breached: 228,435 records

Incident: An employee was caught after emailing himself hundreds of thousands of patient records during the course of several months, including Medicaid ID numbers for more than 22,000 patients.

Lessons Learned: While many organizations are rightfully concerned about unauthorized access to their databases, sometimes it is the authorized users who can steal the most valuable and sensitive records. A data-centric security program that protects the information both inside and outside the database with means to track data movement is crucial to detecting insider theft before it does damage.

University of Nebraska

Time of Disclosure: May 2012

Records Breached: 654,000 student records

Incident: Social Security numbers, addresses, grades, and more were stolen from the Nebraska Student Information System (NeSIS) database. Details of how the breach occurred are still under wraps, but a suspect has been identified and law enforcement is involved.

Lessons Learned: This particular breach affected a consolidated database system that stored volumes of information about students across the entire Nebraska State College System. As IT departments become more efficient and less siloed, information is increasingly consolidated into monolithic systems. This is a boon for organizations in many ways, but it also dramatically increases the importance of securing these data stores. Putting one's eggs in a single basket makes it prudent to make sure that basket is made out of Kevlar.

LinkedIn

Time of Disclosure: June 2012

Records Breached: 6.5 million user passwords

Incident: The appearance of a password dump on an online forum prompted responses from the security community, which confirmed that the information was from LinkedIn. After some scrambling, LinkedIn confirmed the breach.

Lessons Learned: Just slapping any old encryption scheme onto sensitive data is not good enough these days. LinkedIn's failure to salt its passwords left them open to easy cracking by unauthorized parties. The incident also stands as an important lesson in incident response -- many experts believe LinkedIn was unprepared to swiftly handle response to a security incident such as this.

Prediction #9 Growing Privacy Right Violations by Governments and their Contractors in the name of Cyber Defense will take place, even if SOPA and other Internet censorship laws don’t pass. The Anonymous hacking group will take tremendous advantage of this situation to wreak havoc against media, business and government organizations.

Outcome #9 Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, providing to third-parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail either Personally Identifiable Information (PII) or non-PII information, such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person. Internet privacy forms a subset of computer privacy.

A number of experts within the field of Internet security and privacy believe that privacy doesn't exist; "Privacy is dead – get over it" according to Steve Rambam, private investigator specializing in Internet privacy cases. In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose." On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance." Privacy concerns have been articulated from the beginnings of large scale computer sharing.

On January 18, 2012, the English Wikipedia, Reddit, and an estimated 7,000 other smaller websites coordinated a service blackout, to raise awareness. In excess of 160 million people viewed Wikipedia's banner. Other protests against SOPA and PIPA included petition drives, with Google stating it collected over 7 million signatures, boycotts of companies and organizations that support the legislation, and an opposition rally held in New York City.

In response to the protest actions, the Recording Industry Association of America (RIAA) stated, "It's a dangerous and troubling development when the platforms that serve as gateways to information intentionally skew the facts to incite their users and arm them with misinformation," and "it's very difficult to counter the misinformation when the disseminators also own the platform." Access to websites of several pro-SOPA organizations and companies such as RIAA, CBS.com, and others was impeded or blocked with denial of service attacks which started on January 19. Self-proclaimed members of the "hacktivist" group Anonymous claimed responsibility and stated the attacks were a protest of both SOPA and the United States Department of Justice's shutdown of Megaupload on that same day.

Opponents of the bill have proposed the Online Protection and Enforcement of Digital Trade Act (OPEN) as an alternative. On January 20, 2012, House Judiciary Committee Chairman Smith postponed plans to draft the bill: "The committee remains committed to finding a solution to the problem of online piracy that protects American intellectual property and innovation ... The House Judiciary Committee will postpone consideration of the legislation until there is wider agreement on a solution." (Source: Wikipedia.org)

Six months later, in June 2012, many key aspects of SOPA have returned in the form of the Intellectual Property Attaché Act (IPAA). Senator Lamar Smith introduced IPAA to Congress right under the noses of the American people, but his attempts will not be ignored. Just like SOPA, IPAA's objective is to "promote a level playing field for American innovators abroad and American job creation." Generally speaking, this goal seems noble; however, the means by which the bill proposes to create a "level playing field" are deplorable.
The bill's main objective is to establish "intellectual property attachés" that would police the Internet in attempts to reduce "intellectual property infringement," not only in the U.S., but around the world. The aforementioned attachés would be trained and supervised by a "Director" who would be responsible for consulting heads of different departments and agencies to "ensure the effectiveness of the intellectual property attaché program." If interested, you can read the entirety of IPAA here: https://www.eff.org/sites/default/files/SMITTX_084_xml_0.pdf

Prediction #10

Next Generation Network Access Control to solve internal security, BYOD and internal risk management issues will be a requirement in most organizations this year.

Outcome #10

A recent report from Gartner pointed to NAC being a key tool against the threat posed by BYOD. Indeed, Gartner claims that “NAC provides one of the most flexible approaches to securely support BYOD.” Most of the BYOD dilemma stems from the need to use wireless routers, which cannot be easily secured. A next-generation approach to NAC secures wireless as well as wired networks, tracks and controls access by personally owned BYOD equipment, alerts IT staff, and inspects these devices to determine whether they are weak and exploitable because of major CVEs (holes) or have been infected with new zero-day malware (exploits). There are only a few next-generation NAC vendors in the world, and I am pleased to say NetClarity has patented our agent-less, non-inline methodologies, including protection against MAC address spoofers, which is why our NACwall appliances have become a requirement to help manage BYOD as well as PCI-DSS and other compliance needs this year.

About the Author

GARY S. MILIEFSKY, FMDHS, CISSP®

Gary S. Miliefsky is the founder and Chief Technology Officer (CTO) of NetClarity, Inc., where he can be found at http://www.netclarity.net. He is a regular contributor to Hakin9 Magazine. He is a 20+ year information security veteran and computer scientist. He is a member of ISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), serves on the advisory board of MITRE on the CVE Program (http://CVE.mitre.org) and is a founding Board member of the National Information Security Group (http://www.NAISG.org).