Home > RSS Feeds > Security
  • It's no surprise to business and IT leaders that cyber-security risks have reached alarming levels, but a recent report from Unisys and the Ponemon Institute has unveiled some shocking research about the state of cyber-security in critical infrastructure industries. This situation has serious repercussions for the global economy, as well as for national security. According to the report, "Critical Infrastructure: Security Preparedness and Maturity," nearly 70 percent of the companies surveyed—organizations that are responsible for the world's power, water and other critical functions—acknowledged at least one security breach that led to the loss of confidential information or disruption of operations over the past 12 months. "The findings of the survey are startling, given that these industries form the backbone of the global economy and cannot afford a disruption," noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "While the desire for security protection is apparent among these companies, not nearly enough is actually being done to secure critical infrastructure against attacks." The survey was based on a Web survey of 599 respondents from 13 countries in the oil and gas, utilities, alternative energy and manufacturing industries from April to May 2014.

  • It seems that far too many information workers still don't fully understand the importance of keeping their log-in details confidential. In a recent study of 2,000 white-collar employees in the United States and the United Kingdom, security software vendor IS Decisions found that alarming numbers of workers don't believe their log-in details represent a security threat. What's worse, an even greater percentage of managers feel the same way. IS Decisions' report, "From Brutus to Snowden: A Study of Insider Threat Personas," also found that age is a significant determining factor, with younger workers being much more likely to share log-ins and passwords than their older colleagues. The findings serve as a reminder to IT security teams that understanding the behavior of their own users should be one of their most important jobs. "The recurrent theme is lack of education," said IS Decisions CEO François Amigorena. "This highlights the need for a tailored approach to tackling internal security that addresses everyone in an organization, from top to bottom." The company recommends some steps for dealing with this challenge, including making employees more familiar with security policies, restricting concurrent access and instituting harsher punishments for offenders. There's also one tongue-in-cheek piece of advice: Passwords are like underwear. They should be changed often, not shared with friends, kept as mysterious as possible and not left lying around.

  • Cyber-security attacks are increasing, and (ISC)2's goal is to help IT professionals address the growing complexities involved in protecting data and systems.