Great comparison in E-Hacking News between Incapsula and Cloudflare.

Targeted APT and advanced malware attacks leverage social engineering techniques to compromise those individuals already on the inside. The objective of these attacks is clear: identify and compromise specific individuals within an organization to obtain high-value data.

Are your employees unknowing victims of advanced malware? How do advanced malware and targeted APT attacks bypass traditional security defenses like anti-virus software?

This November 14th webinar, presented by Imperva's Director of Security Strategy, Rob Rachwald, will:

• Discuss the rise in advanced malware and targeted APT attacks
• Highlight why anti-virus software is powerless against sophisticated attacks
• Provide mitigation strategies for the compromised organization

The governor of South Carolina, after the big breach, is claiming that "nothing could have been done to block the attacks."  She then sites the "holes in the system" and the she says that the state followed "best practices."

Not so fast.

Interestingly, Deloitte just released a new survey that may help shed light on why the breach occurred. Several interesting data points all seem to congregate gem on p 23:

• The survey "shows that the majority of states continue to conduct internal and external system penetration testing on an ad-hoc basis only. In fact, the number that test on a quarterly basis has fallen slightly since 2010." 
• Figure 17 shows that application security vulnerability scans take place on an ad hoc basis 62% of the time.
• A pull out explains how North Carolina (!) has implemented a rigorous application vulnerability program.

Couple the above with our SQL injection rant from yesterday and you have a strong idea of how and why this breach took place and that something could have been done to stop it.