cioinsight.com
  • Despite clear evidence of the huge price of external cyber-attacks, both in terms of mitigation costs and reputation, organizations continue to short-change this key security area. A new study from the Ponemon Institute, "Security Beyond the Traditional Perimeter," states that companies don't have enough staff or sufficient technology to keep up with external threats, and they are not doing enough monitoring of their environments. From executive impersonations and social engineering exploits to branded attacks, enterprises seem unable to stop the bleeding, and there appears to be little reason for optimism. Given the value that surveyed companies place on intellectual property, this represents a huge failure of cyber-security efforts—a failure that presents an ongoing opportunity for the bad guys. "The majority of security leaders understand that these external threats imperil business continuity," said Larry Ponemon, president of the Ponemon Research Institute, which surveyed 591 IT and IT security professionals from more than 500 organizations in the United States. "The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber-criminals and costly for enterprises."

  • Over the past couple of years, cloud adoption has spiked. Organizations increasingly view the technology as a productive and secure way to approach IT. Yet, despite remarkable advances in this space, the initiatives are increasingly complex, according to a newly released report from the Ponemon Institute and security firm Gemalto. The "2016 Global Cloud Data Security Study" found that cloud security and data security remain a challenge for many organizations. Among other things, not all data is controlled by IT departments, highly sensitive data often remains unencrypted, security and privacy protections are often lacking, and shadow IT can represent real-world risks. The study, which includes responses from 3,476 IT and IT security practitioners worldwide, offers insight into key trends in data governance and security practices for cloud-based services. As Larry Ponemon, founder and chairman of the Ponemon Institute, explains: "Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations. … To ensure compliance, it is important … to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud."

  • Weak ethical data practices can damage consumer trust in a brand, so companies must embed strong data ethics practices throughout decision-making processes. 

  • News reports about growing waves of ransomware and organizations that have been infected by it are chilling. Over the last few years, companies—staring down the barrel of encrypted and inaccessible files, and an inability to conduct normal business—have been coerced into coughing up multimillion-dollar sums in order to regain control of critical data. A new report from security firm Kaspersky Security Network (KSN), "Ransomware Research Report," offers some interesting, if disturbing, insights into how the space is evolving and how organizations are at risk. The report points out that the attacks are becoming more frequent, and a larger swath of organizations are encountering these malicious methods, which typically take the form of pop-ups that block access to a browser or device, or a download that encrypts and locks files. In fact, the report goes so far as to describe ransomware as an "epidemic," but it also points out that organizations can protect their assets without paying off the cyber-criminals. When victims do pay, it "brings a lot of money into the underground ecosystem that has grown up around this malware, and, as a result, we are seeing new cryptors appear almost daily," warns Fedor Sinitsyn, senior malware analyst at Kaspersky Lab.

  • With the Summer Olympics kicking off today, August 5th, many organizations are unprepared for a significant—and potentially dangerous—boost in employee internet usage, according to recently released surveys from TEKsystems and Riverbed. After all, Zika isn't the only virus to worry about during the games, as cyber-criminals may exploit the increased interest in online streaming and Olympics-related sites to launch network attacks. Despite the elevated concerns, a significant number of companies do not plan to deploy additional filters, blockers, firewalls or similar software as a preventive measure this month. They also do not intend to issue guidelines for internet usage during the games. While many IT departments will attempt to limit streaming on the network, they realize that employees are getting around restrictions by using their personal devices to watch events while on the job. "A large number of organizations are not adequately preparing to guard against the increased risk to corporate networks from this activity," said Jason Hayman, research manager for TEKsystems. "Current mandates along with tracking internet use … are simply not sufficient. This goes beyond simply viewing or streaming by employees; the international nature of the Olympics and a heightened level of interest related to the host nation of this year's games potentially expose corporate networks to a variety of risks." More than 600 IT professionals took part in the TEKsystems research, and more than 300 took part in the Riverbed research.