cioinsight.com
Home > RSS Feeds > Security
  • By now, it's apparent to just about everyone that digital technologies are both a blessing and a curse. They create new opportunities but also introduce bold new challenges. Mobility is at the center of this universe. It has revolutionized the enterprise, but it has also unleashed new risks and dangers—many revolving around bring-your-own-device (BYOD) and bring-your-own-apps (BYOA) initiatives. A new "Mobile Security Report" from cyber-security firm Spikes Security offers some insights into the state of mobile security. Among the key findings: Malicious exposures are common, a lack of knowledge about risks and prevention is prevalent, and the use of insecure devices and networks is near epidemic. The good news is that IT professionals are aware of these problems. "Nearly all respondents—99 percent—have concerns about mobile security," said Peter Tsai, IT content manager at Spiceworks. Franklyn Jones, CMO of Spikes Security, added: "The same challenges that IT security teams have had to deal with for on-premise users now apply to the growing number of mobile users. … The key difference is that, while on-premise network security is fairly mature, many organizations are still trying to understand how best to protect mobile users." The study is based on a Spiceworks survey of 160 IT professionals from organizations of 100 or more employees. Here's a look at some of the study's key findings and what IT leaders can do to mitigate dangers.

  • Interval Leisure Group turned to a simplified, streamlined approach to privilege management to provide role-based access controls for workers and consultants.

  • One of the nation's leading universities adopted a secure collaboration tool to sync, share, access and collaborate on documents on any device at any time.

  • The daily drumbeat of breaches and cyber-security attacks has become overwhelming for business and IT leaders. Yet, despite all the news and information about attack methods and protection strategies, many organizations are still struggling to keep up with the risks and dangers. At the center of the problem: zero-day risks. A recently released report from CheckPoint Software Technologies, "Check Point 2015 Security Report," snaps the issue into sharp focus. It found, among other things, that an incredible uptick in zero-day attacks occurred. These were directed at both networks and mobile devices. What's more, the cost of these events is on the rise, loss of proprietary information is a growing problem, and organizations have an increasing number of high-risk applications on their networks. "Today's cyber-criminals are sophisticated and ruthless," warned Amnon Bar-Lev, president of Check Point. "They prey on the weaknesses in a network, approaching any security layer as an open invitation to try to hack it." The security report is based on collaborative research and in-depth analysis of over 300,000 hours of monitored network traffic, from more than 16,000 threat prevention gateways and 1 million smartphones.

  • Cyber-criminals are increasingly using sophisticated techniques to target their victims, including malvertising, crypto-ransomware and zero-day exploits.

  • Over the last decade, distributed-denial-of-service attacks have grown from a nuisance to a persistent problem that can potentially cripple a company. The Kaspersky Lab reports that there were 12,281 unique victims of DDoS attacks during the first quarter of 2015, and these attacks targeted Web resources in 76 countries. A new report from security firm Imperva offers a deeper examination of the topic—as well as the risks and repercussions from DDoS assaults. Among other things, the "Imperva DDoS Report 2015" found that once an organization becomes a target of DDoS attacks, it remains a target; the length of a typical attack extends beyond the period most enterprise executives expect; and, if no mitigation occurs, organizations can lose millions of dollars and also wind up with frustrated customers who decide to give their business to competitive vendors. Imperva collected data in the wild during the course of mitigating thousands of DDoS assaults against Imperva Incapsula-protected domains and network infrastructures. Here are some of the key findings from the DDoS report:

  • Audits used to be done because of whistleblowers or suspicious licensing behaviors. Now, most software providers do audits as part of their business practices.

  • Although the methods used for malicious attacks constantly change and those in the crosshairs must continually adapt to new and changing tactics, some old and often forgotten approaches continue to do damage. One of these threats is the malicious macro. A new report from cyber-security firm Proofpoint—"How Does an Attack Technique Go from Antique to Blockbuster?"— examines these risks. By combining technical analysis of malware samples with investigation on cyber-criminal forums, the report identifies the economic and technical drivers behind the recent rise of malicious macros. It found that, from a cost perspective, malicious macros deliver the most "bang for the buck" because they combine lower up-front and maintenance costs with higher effectiveness to create a killer app for cyber-criminals. The advantages include the following: They are highly successful at evading signature and reputation-based defenses; they're easy to update at a low cost; they work across platforms; they are easy to use; and they are highly effective with social engineering techniques.

  • A partnership between Women in Technology and online course-provider Cybrary provides access to free technology training for WIT's members and protégés.