Cyber Security Institute

Trends

Wednesday, April 20, 2011

Data Security moves up the agenda & is now seen as important as cost savings within the public sect

The research, which was conducted using qualitative interview techniques with a range of public sector organisations across the UK, shows that data security is now far higher on the agenda than in either of Becrypt’s previous two surveys. The research showed that there has been a significant change in attitudes to data security in the public sector, with 92% of those questioned now having specific policies for dealing with sensitive data.

Monday, October 18, 2010

Four Big Trends Changing Computing, Gartner Says

Cloud computing, social computing, context-aware computing, and pattern-based strategy are the four big trends that will alter IT in the next few years, according to Peter Sondergaard, SVP of Research for Gartner.  Opening Gartner Symposium, one of the biggest annual gatherings of IT professionals, Sondergaard and other Gartner analysts expounded on the topic of “new realities, rules, and opportunities” that they say are transforming the technology and practice of IT.  While none of these trends is particularly new, taken together, they do have the potential of really changing IT.

Thursday, October 14, 2010

Security’s Risk And Change Management Tools: Drawing A Picture Of Security Posture

“What’s our security status?” It’s a question that business executives love to ask—and IT people hate to answer. If you’ve been around IT security for more than a week, then you know there’s no definitive, empirical way to answer that question. Recently, however, some large enterprises have been getting a little closer to providing some metrics for security posture, using an emerging class of products that is coming into its own. The technology category—championed by vendors with names such as AlgoSec, RedSeal, Skybox, and Tufin—has been variously referred to as “security risk management,” “security life cycle management,” “firewall configuration management,” and “security posture management” (SPOM), among other names.

Wednesday, October 13, 2010

New Malware Wants Your Life, Not Your Passwords

A research paper published this week should serve as a wake-up call to those who are particularly fond of social networking sites and therefore make ideal candidates for a new breed of malware that in practice resembles something close to a black-market customer relationship management (CRM) system in reverse. Titled “Stealing Reality,” the paper was written and researched by academics and communications experts at MIT, Ben Gurion University and Deutsche Telekom Laboratories and uses complex mathematical formulas to demonstrate just how effective a stealth malware attack targeting Internet users’ behavior and communication patterns could be if practitioners were—or already are—willing to be patient and unobtrusive.

Sunday, October 10, 2010

Global Critical Infrastructure Increasingly Being Penetrated By Cyber Crooks

A new study called ‘Symantec 2010 Critical Infrastructure Protection Study’, conducted by the security firm Symantec, shows how frequently criminals do that. According to Mark Bregman, Chief Technology Officer at Symantec, half of the organizations surveyed stated that they had experienced politically provoked attacks in the past, as reported by investors on October 6, 2010. Only one third of the respondents were found to be extremely ready against such risks.

Saturday, August 21, 2010

Intel, McAfee Merger Plugs Network Security Hole

The acquisition of McAfee by Intel makes a very important statement when you view it in the context of the future of network security. McAfee is one of the big AV companies that have been around since the birth of malware, and it competes well against market leader Symantec. For people who think computer security is really just about this topic, the acquisition of McAfee by Intel doesn’t make a lot of sense. If that’s all Intel wanted, it could simply license it. But what most analysts are missing is that there’s a huge, and rapidly growing, universe of network-connected devices that are quite simply unprotected: a wide range of products from network-connected printers to Internet-aware security systems in buildings.

Thursday, June 03, 2010

IT Outsourcing Trends: Slow Growth, Cloud Computing

Despite predictions to the contrary, IT outsourcing has contracted rather than expanded in the years since we entered the Great Recession, according to industry watchers.  “Most companies in most of the categories we track are only partially outsourcing a function,” said John Longwell, vice president of research at research firm Computer Economics….As we’re coming out of the recession, that trend is going to reverse itself.”  IT consultancy EquaTerra said that more than 75 percent of the service providers it polled in the third quarter of 2009 reported continued growth in their deal pipeline, which was up 10 percent from the previous quarter and 34 percent from the same period year-over-year.  The most recent Global TPI Index indicated that the IT outsourcing market’s total contract value in the fourth quarter of 2009 reached $19 billion, the highest quarterly total in six years.

Wednesday, June 02, 2010

Small And Midsize Companies Take New Directions On SIEM

For years now, compliance has been the primary reason why small and midsize businesses (SMBs) buy security information and event management (SIEM) tools.  According to a study published today by the SANS Institute, SIEM and log management tools are becoming increasingly popular as a method for tracking down and diagnosing security problems, rather than serving primarily as tools for proving security compliance.  That premise is supported by a separate study published simultaneously by security tool vendor RSA, which offers SIEM software.

Tuesday, May 25, 2010

Default Database Passwords Still In Use

The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say. “It’s a problem that has been around for a long, long time,” says Alex Rothacker, manager of Team SHATTER, Application Security Inc.’s research arm.

Friday, April 02, 2010

US, Europe, Japan agree on data center efficiency metric

Industry groups and government agencies from the U.S., Europe and Japan have reached a basic agreement on how to measure the energy efficiency of data centers, they are expected to say on Monday.  The agreement is seen as significant because it establishes a common metric that different types of data centers, in different parts of the world, can use to report their level of energy efficiency.  That could provide a yardstick for companies to assess the efficiency of their own data centers, and also to gauge the effectiveness of energy-saving techniques employed by other facilities.  Orchestrated by the Green Grid, an industry consortium in the U.S., the agreement is backed by the U.S. Department of Energy, the U.S. Environmental Protection Agency, the European Union Code of Conduct and the Japan Ministry of Economy, according to a statement from the Green Grid.

Tuesday, March 02, 2010

State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test

Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software.  Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.

Monday, February 22, 2010

Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps

Criminals hid bank card-skimming devices inside gas pumps—in at least one case, even completely replacing the front panel of a pump—in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks.  The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah.

Wednesday, January 13, 2010

IDC Expects A/P Security and Vulnerability Management Market to Achieve Largest Growth in 2010 as Or

According to the figures recently released in the IDC Asia/Pacific Semiannual Security Software Tracker, most security markets in the Asia/Pacific excluding Japan (APEJ) region are expected to post strong double-digit growth in 2010 compared to 2009. According to the study, the largest growth will be in the Security and Vulnerability Management (SVM) market, which is forecast to grow some 19% to US$115.44 million in 2010. The Identity and Access Management (IAM) market is estimated to grow by 15.2% to reach US$326.38 million.

Sunday, January 10, 2010

Airport breaches on the rise nationwide

Government officials imposed stricter airport security measures after the failed Christmas Day bombing of a Northwest Airlines flight to Detroit.  Such breakdowns are rare, officials said, but a government report released in October shows breaches at U.S. airports nearly doubled over five years.  “That’s only the breaches we know about,” said Mike Boyd, president of the Colorado-based aviation consulting firm Boyd Group International.  The Transportation Security Administration reported 1,442 security breaches at the nation’s 450 commercial airports in the fiscal year ended Sept. 30, 2004, according to the Government Accountability Office report.

Friday, December 18, 2009

Security Heavyweights Predict 2010 Threats

Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Social networks are going to become a prime target for cybercriminals in 2010, according to security predictions from annual security reports released this month by CA Inc., Cisco Systems Inc. and Symantec Corp. A prediction list gathered from Independent Security Evaluators (ISE) and another list issued by Websense Inc. also anticipate increased threats on or towards major social networking sites. Social networks were the only prediction highlighted by all five sources, but increased use of search engine optimization (SEO) attacks, short URLs and malvertising, as well as an upcoming focus on smartphones and the Mac OS X platform, were also noted on multiple accounts.

Sunday, December 13, 2009

Identity theft prevention is security spending focus

Organisations expect their largest security IT expenditure to be in identity theft and abuse prevention solutions, followed by spending to prevent external threats, unintentional privacy breaches, remote access abuse and spam. The global survey of over 400 companies with 500 or more employees found that organisations felt they would most likely have to deal with PC theft or loss (54%), spam attack (45%), misuse or hacking (45%), and spying tools (45%) as the most likely security incidents, while external threats (52%), internal intentional misuse (49%), remote access abuse (47%), identity theft (47%), and virus attack (43%) would be the most damaging security incidents.

Thursday, December 10, 2009

Top five security challenges of 2010

Social networking sites like Twitter, LinkedIn, Facebook and MySpace will pose one of the biggest threats in 2010, according to TriGeo Network Security, a provider of security information and event management (SIEM) technology for midmarket enterprises.  According to the Identity Theft Resource Center, the number of data breaches in 2009 is on track to drop by nearly 50 percent when compared with 2008.  Two more American states will pass data breach laws.

Tuesday, December 08, 2009

Hackers Targeting Banks, Social Sites

A yearly security report released Tuesday by technology company Cisco says that banks and online social networks are growing targets for cyber criminals.  Strategies used to hack into social-networking sites include grabbing passwords and then utilizing the fact that people only have one password for all their accounts.  Cisco said that a specific computer worm has been spread to more than three million computers since 2008.

Monday, November 16, 2009

FBI Says Hackers Targeting Law Firms, PR Companies

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. The FBI has issued an advisory that warns companies of “noticeable increases” in efforts to hack into the law firms’ computer systems—a trend that cyber experts say began as far back as two years ago but has grown dramatically. In many cases, the intrusions are what cyber security experts describe as “spear phishing,” attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person’s business and appear to come from a trusted source.

Tuesday, November 10, 2009

SaaS Offerings May Play Key Role In Small Business Security, Report Says

Hackers don’t care how big your business is.  As a result, many small and midsize businesses today have enterprise-class security vulnerabilities—and only a fraction of enterprise security budgets.  To help close the gap, many SMBs are turning to third-party security services, according to a new report published today by Dark Reading and InformationWeek Analytics.  The report outlines some of the differences between the needs of the small business and those of the large enterprise.  “The biggest thing SMB IT pros have going for them is an intimate knowledge of how the business operates, where its sensitive data resides, and what its weak points are,” the report states.

Thursday, November 05, 2009

Canada - Beef information Service

The Beef Information Centre (BIC), which works with industry leaders in the promotion of Canadian beef, is commending McDonald’s Canada for its long-standing commitment to sourcing beef from Canadian producers.  This is especially timely in light of an Internet email hoax spreading false information about McDonald’s Canada’s beef sourcing practices.

Monday, November 02, 2009

Phishing, worms spike this year, say Microsoft and McAfee

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.  Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft’s report covering the first half of 2009.

Wednesday, October 21, 2009

Information Security Still a Priority In IT Budgets

A survey from PricewaterhouseCoopers shows that infosec budgets are seeing little in the way of cuts, and are even increasing in some cases.
Just because there’s a global economic crisis doesn’t mean the security teams at the world’s companies will be getting any kind of break in their work.

Friday, May 01, 2009

Experts Chart Spike in Cyber Sieges

Cyber attacks with enough firepower to knock entire countries off the Internet have spiked in recent months, raising fresh concerns within the security community about weaknesses in the Internet infrastructure that help create such weapons of mass disruption.  These “distributed denial of service” or DDoS attacks use robot networks or “botnets”—many hundreds or thousands of compromised PCs—to flood targets with so much junk traffic that they can no longer accommodate legitimate visitors.  While DDoS attacks have been a common threat since the dawn of the commercial Internet, DDoS watchers, such as Arbor Networks, have tracked a recent spike in the number, sophistication and size of attacks against major Internet providers.  Attackers also appear to be picking bigger targets.

Friday, March 27, 2009

New Rootkit Attack Hard To Kill

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software.  Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, process.

Tuesday, February 17, 2009

Number of reported cyber incidents jumps

Federal civilian agencies reported three times as many cyber-related incidents in fiscal 2008 as they did in fiscal 2006 to the Homeland Security Department’s office that coordinates defenses and responses to cyberattacks.  The agencies reported to DHS’ United States Computer Emergency Readiness Team (US-CERT) a total of 18,050 incidents in fiscal 2008, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006, according to DHS officials.  Overall, the total number of incidents reported to US-CERT from commercial, foreign, private, and federal, state and local government sectors rose from 24,097 in fiscal 2006 to 72,065 in fiscal 2008.

Thursday, January 29, 2009

McAfee highlights perils of offshoring sensitive data

Global companies may have lost over $1tn (£696bn) worth of intellectual property last year owing to data theft, according to new research from McAfee presented today at the World Economic Forum in Davos.  Respondents to the study indicated that they lost a combined $4.6bn (£3.2bn) worth of intellectual property last year, and spent around $600m (£418m) repairing damage from data breaches.

Friday, January 16, 2009

New Report Predicts Increased Security Spend

Hot on the heels of Forrester Research’s recent prediction that enterprise businesses will increase security spending from 11.7 percent to 12.6 percent of their overall IT budgets during 2009, gateway filtering specialists Finjan have published results of a survey that highlights even more optimistic growth estimates.

Wednesday, January 14, 2009

Gartner EXP Worldwide Survey of More Than 1,500 CIOs Shows IT Spending to Be Flat in 2009

As enterprises face a challenging economic environment, IT spending budgets will be essentially flat with a planned increase of 0.16 percent in 2009, according to results from the 2009 CIO survey by Gartner Executive Programs (EXP). The worldwide survey of 1,527 CIOs was conducted by Gartner EXP from September 15 to December 15, 2008 and represents CIO budget plans reported at that time. Flat IT budgets were found across enterprises in North America and Europe, with slight increases in Latin America and a slight decrease in Asia/Pacific.
