cioinsight.com
  • More than two out of five organizations plan to add new information security positions this year, according to industry research. Meanwhile, 28 percent of IT and information security employees think their companies have a "problematic" shortage of information security skills. The continuing demand is driving up salaries for cyber-security employees and managers, as the following list of top-paying IT security jobs from Dice demonstrates. With the latest "Verizon Data Breach Investigations Report" revealing that global organizations lost $400 million last year due to the compromise of 700 million records, companies are willing to pay well over six figures for staffers and managers who can protect their networks and data. Given that the cloud and mobility/bring-your-own-device (BYOD) practices further complicate the security environment, a wide range of well-paid engineers, officers and directors are needed to assemble an effective cyber-security team. "Both companies and professionals recognize that security plays a key role in a company's success, which is why we're seeing more demand for professionals with security skills," says Shravan Goli, president of Dice. "With that in mind, if companies and recruiters want to lure top security talent, they need to offer generous compensation packages and benefits." The list was based on research of more than 1,140 Dice job postings.

  • Business and IT executives are increasingly aware that there's more to shadow IT than hardware and devices. There's also shadow data. Spotting, tracking and controlling data is a growing challenge, and the failure to keep data in tow can have dire consequences. A recently released report, "Shadow Data," from cloud data security firm Elastica, indicates that the stakes are growing. It found that the average cost of a data breach in 2014 reached $5.9 million, and 45 percent of Americans have been affected by a data breach within the last year. At the center of the issue: risky data exposures resulting from sanctioned cloud services and apps. In many cases, these problems result from a lack of knowledge about the type of data that's uploaded and how it is used and shared. Services such as Box, Dropbox and Google Drive introduce new and different risks, while also raising new questions about data ownership. But not all software-as-a-service (SaaS) apps are created equal. "Even with enterprise-grade cloud apps, there remains a challenge in understanding the sensitive content users are storing within them, and how that content is being exposed—intentionally or unintentionally," points out Elastica CEO Rehan Jalil. The report offers a number of insights about shadow data and what impact it has on the enterprise.

  • While defense-in-depth is a good concept for thinking about security, companies should focus on building a more resilient network to better protect their assets.

  • Over the last decade, enterprise social media has evolved from an appealing concept to an absolute necessity. Businesses are investing in new tools, systems and frameworks for connecting employees, customers and business partners. According to social media security provider NexGate (a division of security firm Proofpoint), the average Fortune 100 company it studied in a social media analysis has more than 320 branded social accounts, with more than 200,000 followers and 1,500 employee participants. Yet, all this opportunity also introduces significant compliance risks. In the United States alone, the FTC, SEC, FCA, FFIEC, FINRA, FDA, ABA and others have updated existing regulations to include specific social media provisions. A new report from the company, "State of Social Media Infrastructure, Part III," examines this topic in detail. Among the issues it addresses: the number and frequency of compliance incidents, where and how incidents originate, and what is required to build a framework that minimizes the risk of violations and problems. Following are some of the key findings from the report.

  • C-level executives don't share the confidence levels of others in the organization that they're giving their board of directors all the information they need to make sound security decisions. While they are confident in their own cyber-security literacy, about a third of C-suite types don't believe boards are being properly equipped to make sound security decisions, and they don't think they have the right tools to accurately present cyber-security risks to the board. Conversely, IT professionals are more confident in the quality of board briefings, but they don't believe board members grasp the topic fully. Such are some of the findings of a recent survey from threat-detection vendor Tripwire, and a spokesman for the company suggested that bridging this risk-assessment gap is critical to reducing the number and scope of breaches. "The reality is that an extremely secure business may not operate as well as an extremely innovative business," said Dwayne Melancon, Tripwire's chief technology officer. "This means executives and boards have to collaborate on an acceptable risk threshold that may need adjustment as the business grows and changes. The good news is that conversations are beginning to happen at all levels of the organization. This is a critical step in changing the culture of business to better manage the ongoing and rapid changes in cyber-security risks." The company surveyed 200 business executives and 200 IT security professionals at large U.S. companies.

  • The Israeli telecom giant turned to an active breach detection system, which applies machine learning and behavioral profiling to identify attack behaviors.

  • A regional bank turned to multi-factor authentication to create a secure, user-friendly business environment, while boosting compliance with regulations.

  • Cyber-security affects almost every corner of the enterprise, including internal security, the bring-your-own-device (BYOD) movement, customer interactions, and even how organizations hire and train workers on security issues. A recent survey of 649 cyber-security professionals conducted by ISACA at the 2015 RSA Conference identified a number of key—and disturbing—trends. They include the following: Cyber-crime is on the rise, hackers and attackers are becoming more sophisticated, and most organizations are ill-equipped to deal with this problem. At the center of the equation is the fact that most organizations are coping with a shallow talent pool of cyber-security professionals, so they don't have the expertise or resources to handle complex threats. The top three staffing concerns involve the lack of adequate formal education, limited practical experience and the fact that many IT professionals don't have the required certifications. "The 'State of CyberSecurity: Implications for 2015' study reveals a high-risk environment that is being made worse by the lack of skilled talent," noted Robert Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. "If there is any silver lining to this looming crisis, it is the opportunity [available] for college graduates and professionals seeking a career change."

  • It's estimated that Millennials will make up 50 percent of the workforce by 2020. While younger workers bring fresh ideas and new enthusiasm into the mix, they also introduce new and different values, as well as additional risks. A recently released study conducted by Absolute Software, "U.S. Mobile Device Security Survey Report 2015," reveals that younger workers are redefining enterprise data security. The study of 762 workers across North America found that Millennials are more apt than Baby Boomers to use employer-owned devices for personal use. They also are more likely to modify default settings on devices, and many of them believe that security is not their responsibility. In fact, the report identifies a number of key differences in the way Millennials and other generations in the workforce think about and approach cyber-security. Stephen Midgley, vice president of global marketing for Absolute Software, says that this behavior should be viewed as "an additional data point in [organizations'] endpoint security and data risk management strategies." Here are some of the study's key findings:

  • San Bernardino County Superintendent of Schools deploys an array of technologies to provide a secure, robust network for teachers, administrators and students.