cioinsight.com
  • One of the nation's leading universities adopted a secure collaboration tool to sync, share, access and collaborate on documents on any device at any time.

  • The daily drumbeat of breaches and cyber-security attacks has become overwhelming for business and IT leaders. Yet, despite all the news and information about attack methods and protection strategies, many organizations are still struggling to keep up with the risks and dangers. At the center of the problem: zero-day risks. A recently released report from Check Point Software Technologies, "Check Point 2015 Security Report," snaps the issue into sharp focus. It found, among other things, an incredible uptick in zero-day attacks, directed at both networks and mobile devices. What's more, the cost of these events is on the rise, loss of proprietary information is a growing problem, and organizations have an increasing number of high-risk applications on their networks. "Today's cyber-criminals are sophisticated and ruthless," warned Amnon Bar-Lev, president of Check Point. "They prey on the weaknesses in a network, approaching any security layer as an open invitation to try to hack it." The security report is based on collaborative research and in-depth analysis of over 300,000 hours of monitored network traffic, from more than 16,000 threat prevention gateways and 1 million smartphones.

  • Cyber-criminals are increasingly using sophisticated techniques to target their victims, including malvertising, crypto-ransomware and zero-day exploits.

  • Over the last decade, distributed-denial-of-service attacks have grown from a nuisance to a persistent problem that can potentially cripple a company. Kaspersky Lab reports that there were 12,281 unique victims of DDoS attacks during the first quarter of 2015, and these attacks targeted Web resources in 76 countries. A new report from security firm Imperva offers a deeper examination of the topic—as well as the risks and repercussions from DDoS assaults. Among other things, the "Imperva DDoS Report 2015" found that once an organization becomes a target of DDoS attacks, it remains a target; the length of a typical attack extends beyond the period most enterprise executives expect; and, if no mitigation occurs, organizations can lose millions of dollars and also wind up with frustrated customers who decide to give their business to competitive vendors. Imperva collected data in the wild during the course of mitigating thousands of DDoS assaults against Imperva Incapsula-protected domains and network infrastructures. Here are some of the key findings from the DDoS report:

  • Audits used to be done because of whistleblowers or suspicious licensing behaviors. Now, most software providers do audits as part of their business practices.

  • Although the methods used for malicious attacks constantly change and those in the crosshairs must continually adapt to new and changing tactics, some old and often forgotten approaches continue to do damage. One of these threats is the malicious macro. A new report from cyber-security firm Proofpoint—"How Does an Attack Technique Go from Antique to Blockbuster?"—examines these risks. By combining technical analysis of malware samples with investigation on cyber-criminal forums, the report identifies the economic and technical drivers behind the recent rise of malicious macros. It found that, from a cost perspective, malicious macros deliver the most "bang for the buck" because they combine lower up-front and maintenance costs with higher effectiveness to create a killer app for cyber-criminals. The advantages include the following: They are highly successful at evading signature and reputation-based defenses; they're easy to update at a low cost; they work across platforms; they are easy to use; and they are highly effective with social engineering techniques.

  • A partnership between Women in Technology and online course-provider Cybrary provides access to free technology training for WIT's members and protégés.

  • More than two out of five organizations plan to add new information security positions this year, according to industry research. Meanwhile, 28 percent of IT and information security employees think their companies have a "problematic" shortage of information security skills. The continuing demand is driving up salaries for cyber-security employees and managers, as the following list of top-paying IT security jobs from Dice demonstrates. With the latest "Verizon Data Breach Investigations Report" revealing that global organizations lost $400 million last year due to the compromise of 700 million records, companies are willing to pay well over six figures for staffers and managers who can protect their networks and data. Given that the cloud and mobility/bring-your-own-device (BYOD) practices further complicate the security environment, a wide range of well-paid engineers, officers and directors are needed to assemble an effective cyber-security team. "Both companies and professionals recognize that security plays a key role in a company's success, which is why we're seeing more demand for professionals with security skills," says Shravan Goli, president of Dice. "With that in mind, if companies and recruiters want to lure top security talent, they need to offer generous compensation packages and benefits." The list was based on research of more than 1,140 Dice job postings.