Cyber Security Institute

Thursday, November 29, 2007

Majority of companies feel they are secure against the risk of data leaks

The email survey, conducted during the week of the HMRC data loss, showed that the majority of respondents feel their companies are secure against the risk of data leaks.  Less than half of respondents (48%) said their organisation had an encryption solution to protect sensitive data.  40% of the sample said their company did not have encryption, and a worrying 12% did not know if encryption was in place.  The research also showed that business PCs, laptops and mobile devices are vulnerable to threats from malware and to attempts to hijack remote network connections.


World faces ‘cyber cold war’ threat, report says

A “cyber cold war” waged over the world’s computers threatens to become one of the biggest threats to security in the next decade, according to a report published Thursday.  About 120 countries are developing ways to use the Internet as a weapon to target financial markets, government computer systems, and utilities, Internet security company McAfee said in an annual report.


Study: ‘Huge jump’ in Microsoft flaws since last year

The past year has seen a massive increase in the number of flaws found in Microsoft software, according to vulnerability-scanning company Qualys.  “These charts show growth of nearly 300 percent from 2006 to 2007, primarily in new Excel vulnerabilities that can easily be exploited by getting unsuspecting users to open Excel files sent via e-mail and instant message.”


Wednesday, November 28, 2007

Report Details Real Costs of Data Breaches

A study released Wednesday shows that data breaches are becoming increasingly expensive for firms, not so much because of the technological steps needed to fix the problem, but because the increasingly savvy public bails on the victim of the breach and takes their business with them.  The study was conducted by privacy and information management research firm Ponemon Institute along with Vontu, the data loss prevention software developer recently acquired by Symantec, and PGP, makers of the Pretty Good Privacy security software.  The study found that data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006. For a financial services firm, the cost was even higher, at $239 per lost record. Most of the cost, $128 out of the $197, is from lost business and having to acquire new customers.  This data, according to the study and some security experts, is starting to affect how companies operate.


Tuesday, November 27, 2007

Client, Application Flaws Top SANS Vulnerability List

There are two major problems with the security of computers: the people who use them and the people who write software for them.  That’s the takeaway from this year’s Top 20 Vulnerabilities report issued earlier today by the SANS Institute, a leading security certification and training organization.  While attacks are becoming more sophisticated, it is vulnerabilities on the client and applications sides that present the greatest opportunities for attack, the report states.


Friday, November 09, 2007

Reaching For The Next SaaS Wave

It should come as no surprise that Cisco Systems and Adobe Systems, two companies that enjoyed spectacular growth establishing them as tech blue-chips during the nascent Internet, are also among the first companies to embrace the software-as-a-service model (SaaS) as the vehicle of choice for the Internet’s next evolutionary phase.  On Thursday, both companies outlined their vision, their expectations and some of their new offerings for this emerging SaaS platform at the Software and Information Industry Association’s OnDemand conference in San Jose, Calif.


Thursday, November 08, 2007

PCI DSS Council adding new standard for payment applications

To force more security into the payment application development process, the Payment Card Industry Security Standards Council is adding a new provision to the PCI Data Security Standard (PCI DSS).  “With the PA-DSS managed by the council, we will ensure that payment application providers and their products are subject to data security requirements consistent with the current PCI DSS,” Bob Russo, general manager of PCI Security Standards Council, said in a statement.