Cyber Security Institute

Tuesday, September 27, 2005

A recent IDC report on how European enterprises are mastering data protection found that 25% of the respondents did not have a disaster recovery plan in place.  One of the main justifications given for the absence of a disaster recovery strategy was a lack of data storage technology available on the market.


Hacking, Viruses top concerns for enterprises

Survey findings showed that hacking, unauthorized access and firewall breaches are the biggest problems for small, medium and large enterprises evaluating network security solutions.  The survey, conducted by Nortel, indicated that nearly half of respondents fear hacking the most, followed by viruses and worms.  Moreover, more than half had experienced a virus attack.


Friday, September 23, 2005

Report: Security Slip-Ups Don’t Ding Stock Prices For Long

Most major security blunders don’t affect the company’s stock price for long, a researcher reported this week.  In fact, investors may be able to use the rebound to make money.  Kenneth Belva, who runs a security consulting company on the side and is an information security officer for Credit Industriel et Commercial in New York during the day, analyzed several prominent data breaches in 2004 and 2005 by comparing the negative press of the incident with the movement of the firm’s stock price.  “Why is it the case that information security incidents do not appear to have a greater impact on both investor confidence as well as the public at large?” asked Belva this week as he presented his research at the FiTech Summit on Long Island, N.Y. “If 40 million customer credit card numbers are exposed in a security breach at the credit card processor CardSystems, why do a significant number of people not cancel their Visa and/or Mastercard?”


Symantec, Microsoft Plant Flags in Data Protection

Symantec and Microsoft are about to launch new software for replicating and saving files on Windows systems at a greater frequency than many offerings on the market.  The releases will mark the companies’ entries into the growing niche of continuous data protection (CDP), which pares the backup window faced by organizations, because data can be protected immediately.


Monday, September 19, 2005

Security Becomes Financial Watchword

Banks and other financial firms are using technology to make sure data doesn’t fall into the wrong hands.  The financial-services industry has been roiled this year by a string of data-security lapses involving tapes lost in transit, losses and theft of payment-card information, phishing attacks, and insider scams.  The list of companies that have been stung reads like a Who’s Who of the financial-services industry: Ameritrade, Bank of America, Citigroup, City National Bank, Commerce Bancorp, PNC Financial Services, and Wachovia.


Build Your Own Security Operations Center

If you don’t have a dedicated security operations center and staff, you’ll be scrambling to shore up your defenses, even as the bad guys are invading your system.  A SOC can be as simple as a set of offices or cubicles next to each other, or as sophisticated as a standalone complex with extra-large displays, two-factor physical security and a budget to match.
In a recent survey of Secure Enterprise readers, 72 percent of respondents with fewer than 5,000 employees had no plans to build a SOC.  Among the 28 percent who have a SOC or plan to build one, 53 percent will collocate in the network operations center, which makes sense because an existing NOC provides the framework to build in the additional functionality required for a SOC.


Friday, September 16, 2005

US banks lose $50bn to phantom fraudsters

Reported ID theft losses represent only the tip of an iceberg, dwarfed by fraudulent losses run up by crooks assuming completely fictitious identities, according to analysts Gartner.  It reckons ID theft will claim 10m US in 2005 resulting in losses of around $15bn from 50m accounts. By comparison “victimless” fraud - bad debt run up in the name of non-entities - will hit $50bn this year.


Thursday, September 15, 2005

Techies don’t get security either

Heads of information security functions are more likely to be business managers than techies in future as companies take a more strategic approach that balances IT security threats against business drivers.  That’s according to analyst house Gartner, which predicts security will evolve into an element of a wider risk management strategy.  “The concept of ‘acceptable risk’ is an oxymoron to many security professionals,” said Paul Proctor, research vice president with Gartner’s Information Security Group.


Wednesday, September 14, 2005

One-In-Six Spyware Apps Tries To Steal Identities

A significant portion of spyware is designed specifically to steal identities, underscoring the trend toward more malicious use of such software by criminals, said a security firm.  Fifteen percent of the 2,000 known spyware threats analyzed by Aladdin Knowledge Systems over a two-month span send private information gathered from the infected PC by logging keystrokes, capturing usernames and passwords, and hijacking e-mail address and contact lists.


Tuesday, September 13, 2005

Symantec: Mozilla browsers more vulnerable than IE

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft’s Internet Explorer, according to a Symantec report.  But the report, released Monday, also found that hackers are still focusing their efforts on IE.


Cisco Making RFID Play

Cisco Systems unveiled plans to offer integrated RFID capabilities for its switches and routers. Cisco made its announcement at the EPCglobal US Conference 2005, a confab for Electronic Product Code (EPC) and RFID technology being held this week in Atlanta. 


Businesses Unprepared For Disasters: AT&T Survey

Despite high-profile disasters like Katrina, a third of all businesses lack continuity plans.  Is your network prepared for a disaster like Hurricane Katrina?  A new report done by AT&T and the International Association of Emergency Managers (IAEM) suggests that many enterprise networks are not, and that a surprisingly large proportion of companies have made continuity planning a low priority.  The study, “Disaster Planning in the Private Sector: A Look at the State of Business Continuity in the U.S.,” found that almost one third of U.S. businesses do not have continuity plans, and that nearly 40% of the 1200 companies surveyed reported that continuity planning was not a priority.  More than 40% of the companies surveyed do not have off-site back-up or redundant servers and almost a third have failed to implement basic network security measures.  Indeed, two thirds of companies that had suffered some kind of disaster lost business.  Some 16% of these companies lost between $100,000 and $500,000 per day, and another 26% said that they were unable to estimate their losses due to disaster outages.


Monday, September 12, 2005

E-Mail Remains A Point Of Vulnerability

The total cost to protect E-messaging systems ranges from $117.34 per user per year for companies with fewer than 2,500 employees to $62.87 per user per year for companies with 2,500 or more employees.  This translates into a monthly cost per user of $9.78 and $5.24, respectively.


Web security - what’s that?

Many small businesses overlook web site security because they assume that their web site is of no interest to the hacker, particularly if they are processing little or no financial data.  However hackers aren’t just after credit card details these days - most small business web sites hold something far more valuable…  As someone who regularly gets to review the security of web sites I know more than most just how bad security can be.  But don’t just take my word for it - a recent study that reviewed 300 well known e-commerce sites found significant flaws in 97% of them.  And these were big budget sites that should have known better.


FDIC Issues Best Practices on Spyware Prevention and Detection

The Internet has become a popular method for both conducting business and managing finances through online banking relationships.  While most financial institutions and some individuals have taken steps to protect their computers, many firewall and anti-virus software packages do not protect computers from one of the latest threats, “spyware”—a form of software that collects personal and confidential information about a person or organization without their proper knowledge or informed consent, and reports it to a third party.  This informational supplement describes the various challenges and best practices related to spyware.  Financial institutions should consider these recommendations to prevent and detect spyware on both bank-owned and customer computers.


Friday, September 09, 2005

E-banking security provokes fear or indifference

The survey of 11,300 UK net users found that while many online banking consumers are complacent about security, a large minority have given up online banking as a direct result of security fears.  Most UK net users are aware of security threats like phishing and keystroke logging but are unfazed by these risks and expect their banks to deal with the problem - even though these attacks are thrown against consumers’ PCs rather than a bank’s own systems.


Does E-mail Retention Require Your Attention?

Today, if you Google the phrase “email retention,” 19.6 million matches are found.  If nothing else, that means that this topic is surrounded by industry buzz.  With all of the complex regulations that only include vague policies on email retention, it is hard to assess whether or not you will soon be thrown into the deep end.  While following behind the pace car that signifies “industry best practice,” it is also hard to judge whether or not this costly and time-consuming practice truly warrants your immediate attention.  Requirements under the Sarbanes-Oxley Act, Sections 802 and 1102, state that anyone who knowingly destroys or alters a document that turns out to impede an investigation or obstruct an official proceeding is subject to a 20-year prison term.  While most corporations have set some ground rules in regard to the appropriate way to utilize your corporate PC, it is hard to ascertain to what extent a company understands the content of its employees’ on-line interactions.  Running scans to pick up “naughty” words in your e-mail cannot protect a corporation from in-house terrorist activities or corporate fraud.  Research from the Radicati Group, Inc. found that the average corporate email user sends and receives 84 emails a day, equating to 10MB of storage each day.  This number is expected to rise to 15.8 MB per user, per day by 2008.


Thursday, September 08, 2005

Symantec Plugs DoS Flaws in Brightmail

Internet security software vendor Symantec Corp. has shipped a patch for a pair of security flaws affecting users of its enterprise-facing Brightmail AntiSpam product.  According to a security advisory from Symantec, the vulnerabilities can be exploited by malicious hackers to launch denial-of-service attacks.


Wednesday, September 07, 2005

VOIP Pushes the Security Market

Businesses that have deployed Voice over Internet Protocol to enhance their telecom systems are facing difficult security challenges and are planning to replace their current security appliance within the next year.  These new findings were published by In-Stat, a high-tech market research firm, in its latest report dealing with the impact of VoIP on security appliances.  Key findings of the report include: small and medium-sized businesses show high concern about VoIP security; companies that have implemented VoIP solutions have higher budgets for new security appliances; and reliability plays a role in the purchase of new security products.


Friday, September 02, 2005

New line of network security by Symantec

Symantec has published its third-generation integrated security line, the Gateway Security 5600 Series, building in anti-virus and firewall capabilities as well as VPN, spam protection and other features.


Mobiles get Anti-Virus Protection

In response to the growing number of virus incidents that infect handsets, the Finnish security firm F-Secure has launched a security program for mobile devices.  Even though only a small number of viruses have been reported, many security experts believe that mobile viruses will eventually become as big a nuisance as Windows viruses.


Thursday, September 01, 2005

CA Rolls Out Security Assertion Markup Language

Computer Associates International Inc. plans to use Security Assertion Markup Language to reduce the costs and risks of connecting business applications and users across Web domains.  The scalable system is designed to allow customers to federate as identity providers or as service providers with multiple partners. It provides a standardized means for exchanging user authentication, entitlement and attribution both internally and externally.


Finns urge better Wi-Fi security after bank break-in

Finland has called on its citizens to take more care securing their Wi-Fi networks after it emerged this week that about €200,000 (£135,623) had been stolen from a bank using an unprotected home network.  The Helsinki branch of global financing company GE Money called on police to investigate the theft in June.  Police now believe that the company’s 26-year-old head of data security in Helsinki stole banking software from the company along with passwords for its bank account.


Data storage and infrastructure management

The volume of data generated and stored by businesses is growing at an uncontrollable rate and companies have invested substantially in IT systems to help manage this growth.  The challenge they face is how to manage their data storage infrastructure cost-effectively.  More and more businesses are recognising that an effective way to reduce overall IT spend and, more specifically, the high cost of data storage is to outsource the provision of IT services to a third-party supplier.  But businesses have become wary of 100 per cent outsourcing contracts under which they lose control of the output and direction of the IT environment.  With the explosion of data being led by the need to improve quality of service to customers, enterprises are also striving to ensure that quality and system availability levels remain high across the infrastructure.

This has prompted businesses to consider the nature of the environment in which data is stored and the effectiveness of their recovery systems.