cioinsight.com
Home > RSS Feeds > Security
  • The complexity of information technology continues to increase at a rapid pace, and the spate of systems, devices and identities that CIOs and other IT leaders must manage is pushing many organizations beyond their current capabilities. A recent study conducted by identity services provider GlobalSign in conjunction with research firm Vanson Bourne reports that business and IT leaders are increasingly concerned about identity relationship and access management (IRAM) capabilities—particularly as the bring-your-own-device movement and the Internet of things (IoT) take hold. The firms surveyed more than 1,000 senior IT leaders at organizations in the United States and the United Kingdom that have more than 1,000 employees. The report identifies a number of key issues and trends, including the increasing popularity of BYOD and teleworking, as well as the rapidly growing number of devices connected to enterprise networks. Nevertheless, "There are many actionable steps that IT managers can take immediately," notes Joan Lockhart, CMO of GlobalSign. Here's a look at some of the key findings:

  • For IT and business leaders, the pressure to unveil new and updated technologies, systems and apps—while securing existing infrastructure—is overwhelming. Security concerns and risks seem to grow daily. Hackers and other cyber-criminals are smart, determined and well-funded. A recently released study commissioned by Trustwave, "2015 Security Pressures Report," offers insights into this rapidly changing space and how organizations are responding to it. The survey, which includes responses from more than 1,000 IT security professionals in the United States, the United Kingdom and Canada, found that there's growing pressure to roll out new technology projects (such as cloud and mobile applications) despite unresolved security issues. In addition, as security threats continue to grow, organizations are finding that they are understaffed and underfunded. Nevertheless, they must cope with mounting pressure from CEOs and other C-level executives to protect corporate information, and many must navigate increasingly complex IT environments that span partner organizations. Here are some of the key findings from the report:

  • Incident response simulations provide companies with a detailed approach for responding to a cyber-attack and seeing how decisions are made during a crisis.

  • It's natural for businesses to use whatever data they can to drive profits—but some step over the line. Clearly, it's time for a privacy framework and policies.

  • ISACA CEO Matt Loeb offers insight into the security challenges companies face, President Obama's cyber-security summit, and the role of industry and government.

  • Today's IT security teams face a constant and evolving barrage of threats that force them to assess their security policies and procedures on an ongoing basis.

  • When everything, including security, is only about dollar costs and squeezing out maximum profits, we are headed down a dangerous and disturbing path.

  • As technology continues its breakneck pace of change, the threats keep evolving. Vulnerabilities in mobile applications are being increasingly exploited, and the Angler exploit kit is picking up where Blacole left off. In addition, the increasingly aggressive posture of potentially unwanted programs (PUPs) means that those seemingly harmless apps may not be that harmless after all. Intel Security's latest "McAfee Labs Threats Report," which summarizes McAfee Labs' 2014 findings, suggests those are three trends that information security teams should keep their eyes on. But it's clear that McAfee considers the alarming lack of patches issued for vulnerabilities in even the most popular mobile apps—some of which boast hundreds of millions of users—as the top concern. There's a lot at stake here, including the social contract that causes users to trust mobile apps. "Mobile app developers must take greater responsibility for ensuring that their applications follow the secure programming practices and vulnerability responses developed over the past decade," said Vincent Weafer, senior vice president of McAfee Labs. By doing so, he said, apps developers can "provide the level of protection required for us to trust our digital lives with them."