cioinsight.com
  • A growing number of companies are experiencing attacks and breaches. As a result, some are responding with larger security budgets and a more focused defense.

  • As the digital age unfolds, there's a growing need to focus security efforts on application vulnerabilities. Identifying and understanding the risks—as well as the potential repercussions—of different software vulnerabilities is critical. The recently released annual "Secunia Vulnerability Review 2015" offers a glimpse into emerging issues and trends, including the prevalence of vulnerabilities, the availability of patches, how organizations map security threats to IT infrastructures, and existing vulnerabilities in the 50 most popular applications on PCs. The security firm analyzed anonymous data from scans of millions of private computers using its Personal Software Inspector (PSI). In 2014, the firm found that application vulnerabilities increased by about 18 percent. "IT teams need to have complete visibility of the applications that are in use," advises Kasper Lindgaard, director of research and security at Secunia. "And they need firm policies and procedures in place in order to deal with vulnerabilities as they are disclosed."

  • Over the last few years, cloud computing has moved into the mainstream of the enterprise, emerging as a valuable tool for managing IT systems, software and data. Yet, while the technology solves many security problems, it also introduces new challenges. A recently released "Cloud Security Spotlight Report" from Cloud Research Partners sheds light on emerging issues and how enterprise business and IT leaders are coping with them. The survey of 1,000 cyber-security professionals identifies a number of key drivers and risk factors related to cloud adoption, including unauthorized access, hijacking of accounts and dealing with malicious insiders. Overall, nearly 90 percent of respondents expressed concern about security and data risk. "Cloud security is top of mind for cyber-security professionals," noted Holger Schulze, founder of the Information Security Community on LinkedIn, which partnered on the report. "The fundamental perception is that … security concerns [are] a critical barrier to faster adoption of cloud services."

  • Companies are open to existing vulnerabilities mainly because they never implemented security patches, but many breaches could be avoided with more vigilance.

  • The complexity of information technology continues to increase at a rapid pace, and the spate of systems, devices and identities that CIOs and other IT leaders must manage is pushing many organizations beyond their current capabilities. A recent study conducted by identity services provider GlobalSign in conjunction with research firm Vanson Bourne reports that business and IT leaders are increasingly concerned about identity relationship and access management (IRAM) capabilities—particularly as the bring-your-own-device movement and the Internet of things (IoT) take hold. The firms surveyed more than 1,000 senior IT leaders at organizations in the United States and the United Kingdom that have more than 1,000 employees. The report identifies a number of key issues and trends, including the increasing popularity of BYOD and teleworking, as well as the rapidly growing number of devices connected to enterprise networks. Nevertheless, "There are many actionable steps that IT managers can take immediately," notes Joan Lockhart, CMO of GlobalSign. Here's a look at some of the key findings:

  • For IT and business leaders, the pressure to unveil new and updated technologies, systems and apps—while securing existing infrastructure—is overwhelming. Security concerns and risks seem to grow daily. Hackers and other cyber-criminals are smart, determined and well-funded. A recently released study commissioned by Trustwave, "2015 Security Pressures Report," offers insights into this rapidly changing space and how organizations are responding to it. The survey, which includes responses from more than 1,000 IT security professionals in the United States, the United Kingdom and Canada, found that there's growing pressure to roll out new technology projects (such as cloud and mobile applications) despite unresolved security issues. In addition, as security threats continue to grow, organizations are finding that they are understaffed and underfunded. Nevertheless, they must cope with mounting pressure from CEOs and other C-level executives to protect corporate information, and many must navigate increasingly complex IT environments that span partner organizations. Here are some of the key findings from the report:

  • Incident response simulations provide companies with a detailed approach for responding to a cyber-attack and seeing how decisions are made during a crisis.

  • It's natural for businesses to use whatever data they can to drive profits—but some step over the line. Clearly, it's time for a privacy framework and policies.

  • ISACA CEO Matt Loeb offers insight into the security challenges companies face, President Obama's cyber-security summit, and the role of industry and government.

  • Today's IT security teams face a constant and evolving barrage of threats that force them to assess their security policies and procedures on an ongoing basis.

  • When everything, including security, is only about dollar costs and squeezing out maximum profits, we are headed down a dangerous and disturbing path.