  • As technology continues its breakneck pace of change, the threats keep evolving. Vulnerabilities in mobile applications are being increasingly exploited, and the Angler exploit kit is picking up where Blacole left off. In addition, the increasingly aggressive posture of potentially unwanted programs (PUPs) means that those seemingly harmless apps may not be that harmless after all. Intel Security's latest "McAfee Labs Threats Report," which summarizes McAfee Labs' 2014 findings, suggests those are three trends that information security teams should keep their eyes on. But it's clear that McAfee considers the alarming lack of patches issued for vulnerabilities in even the most popular mobile apps—some of which boast hundreds of millions of users—as the top concern. There's a lot at stake here, including the social contract that causes users to trust mobile apps. "Mobile app developers must take greater responsibility for ensuring that their applications follow the secure programming practices and vulnerability responses developed over the past decade," said Vincent Weafer, senior vice president of McAfee Labs. By doing so, he said, app developers can "provide the level of protection required for us to trust our digital lives with them."

  • A security threat report warns that new ransomware types have developed and are being distributed through email spam, malvertising and watering hole attacks.

  • Has information security outgrown IT? According to a report from HP, it's possible. The size, scope, severity and frequency of cyber-attacks have raised the profile of security teams to a new level, as evidenced by recent attacks against the likes of Anthem, Sony, Staples and JP Morgan Chase. As a result, cyber-security has evolved into a boardroom concern that calls for it to become a strategic component of the enterprise, on par with finance, marketing and operations. Such is the key takeaway from HP's "State of Security Operations 2015 Report." In assembling the report, HP performed 118 assessments of 87 security operations centers that it has equipped, determining that most enterprises are woefully unprepared to defend against even the most basic attacks. As such, the report suggests it's time to raise the profile of security in the corporate structure. "The size, scope and severity of threats now requires the attention of and direction from senior management, which must ensure that its cyber-security strategy is in alignment with the organization's objectives and risk tolerances," advises Chris Triolo, vice president of professional services for HP's enterprise security products. "In order to adapt, compete and succeed in the current security environment, where threats are evolving quicker than solutions, business leaders must expand security operations beyond IT and into a more strategic capacity."

  • The old saying "Fool me once, shame on you; fool me twice, shame on me" is taking on new life in the world of information security. Amid a constant flow of high-profile security breaches—and despite plenty of firsthand experience and indications that the volume of incidents is growing—network operators say their organizations are still struggling to prepare themselves for incidents. In addition, many companies are unable to bring in the security talent they need. These issues are among the takeaways from Arbor Networks' 10th annual "Worldwide Infrastructure Security Report." The report, which analyzes the responses of nearly 300 network operators from an assortment of service providers, enterprises, and education and government organizations, is the latest reminder for information security professionals that their skills are increasingly essential to doing business in the 21st century. "Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend," says Darren Anstee, a director and solutions architect for Arbor. "The business impact of a successful attack or breach can be devastating. The stakes are much higher now."

  • The intensifying debate over digital privacy demonstrates the vast complexities of this issue. On one hand, users appreciate the advantages of having one-on-one purchasing experiences with companies. That's how, through alerts and other techniques, they quickly find what they need online and save money on the transaction. On the other hand, analytics empowers businesses to collect and use consumer data in ways that were unimaginable just a few years ago. Such dynamics are creating a perfect storm when it comes to consumer privacy, with a broad range of developing conflicts, trends and ethical challenges. To provide some insight, Constellation Research has published "Privacy Enters Adolescence: The State of Digital Safety and Privacy in 2015." The report, which has a list price of $995, includes big-picture themes that IT professionals and executives should consider—and even debate. We've adapted the following list of privacy themes based on the report, along with some best practices for enterprises trying to strike the right balance between business-benefiting innovation and respect for customers' personal information. "The digital world brings opportunities and risks that are without precedent in the history of commerce and society," according to the report's author, Steve Wilson. "Information paradoxically is both a commodity and, in the hands of analytics wizards, a great treasure. … Society's critical dependence on ubiquitous connectivity and frictionless access to data contrasts with traditional security and privacy practices, which unfortunately regard these very properties as a problem."

  • The Savannah River National Lab is turning to network fingerprinting technology to detect changes in power consumption that can indicate a security breach.

  • Cyber-security has emerged as a major challenge for businesses large and small. It increasingly impacts e-commerce, data management, employee collaboration, and a variety of other tasks and processes. In the end, it affects company growth and bottom-line results. A recently released study conducted by research firm Vanson Bourne and sponsored by CA Technologies, "8 Steps to Modernize Security for the Application Economy," examines security in the emerging app economy, including how companies are adapting to an explosion of Internet-enabled devices. Among other things, the survey found that protections must extend beyond internal systems and employees and out to business partners and consumers. There's also a need to shift away from extensive restrictions and use enabling technologies, such as application programming interfaces (APIs), two-factor authentication and bring-your-own-identity approaches. These tools, according to the report, are critical to achieving innovation and tapping into opportunities. Here are some of the key findings from the survey of 1,425 senior IT and business leaders, including CSOs and CISOs.

  • It's probably time to rethink this whole notion of work-life balance. With huge numbers of workers saying that they're using their work devices for personal business and using their personal devices to do work, the line between work and personal business is no longer just blurry. It's virtually nonexistent, and IT security teams must pay attention. That's the key takeaway from a recent survey conducted by MSI Research on behalf of Intel Security. MSI interviewed 2,500 professionals in 12 countries to gauge their attitudes about online data protection in the era of mobile business. What they found is that employees are increasingly using their work and personal devices interchangeably, placing the onus on their employers to adequately protect both. "Working wherever and whenever has rapidly become the norm, as employees and employers strive for increased productivity, collaboration and responsiveness," said Candace Worley, a senior vice president at Intel Security. "This can pose significant security risks for organizations, as employees often use whatever network is available to them whether they are sure it's secure or not." In other words, you're letting your mobile employees roam outside of your network unchecked at your own risk.