Cyber Security Institute

Trends

Saturday, August 21, 2010

Intel, McAfee Merger Plugs Network Security Hole

The acquisition of McAfee by Intel makes a very important statement when you view it in the context of the future of network security.  McAfee is one of the big AV companies that have been around since the birth of malware, and it competes well against market leader Symantec.  For people who think computer security is really just about antivirus, the acquisition of McAfee by Intel doesn’t make a lot of sense.  If that’s all Intel wanted, it could simply license it.  But what most analysts are missing is that there’s a huge, and rapidly growing, universe of network-connected devices that are quite simply unprotected: a wide range of products from network-connected printers to Internet-aware security systems in buildings.

Thursday, June 03, 2010

IT Outsourcing Trends: Slow Growth, Cloud Computing

Despite predictions to the contrary, IT outsourcing has contracted rather than expanded in the years since we entered the Great Recession, according to industry watchers.  “Most companies in most of the categories we track are only partially outsourcing a function,” said John Longwell, vice president of research at research firm Computer Economics.  “…As we’re coming out of the recession, that trend is going to reverse itself.”  IT consultancy EquaTerra said that more than 75 percent of the service providers it polled in the third quarter of 2009 reported continued growth in their deal pipeline, which was up 10 percent from the previous quarter and 34 percent from the same period year-over-year.  The most recent Global TPI Index indicated that the IT outsourcing market’s total contract value in the fourth quarter of 2009 reached $19 billion, the highest quarterly total in six years.

Wednesday, June 02, 2010

Small And Midsize Companies Take New Directions On SIEM

For years now, compliance has been the primary reason why small and midsize businesses (SMBs) buy security information and event management (SIEM) tools.  According to a study published today by the SANS Institute, SIEM and log management tools are becoming increasingly popular as a method for tracking down and diagnosing security problems, rather than serving primarily as tools for proving security compliance.  That premise is supported by a separate study published simultaneously by security tool vendor RSA, which offers SIEM software.

Tuesday, May 25, 2010

Default Database Passwords Still In Use

The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say.  “It’s a problem that has been around for a long, long time,” says Alex Rothacker, manager of Team SHATTER, Application Security Inc.’s research arm.

Friday, April 02, 2010

US, Europe, Japan agree on data center efficiency metric

Industry groups and government agencies from the U.S., Europe and Japan have reached a basic agreement on how to measure the energy efficiency of data centers, they are expected to say on Monday.  The agreement is seen as significant because it establishes a common metric that different types of data centers, in different parts of the world, can use to report their level of energy efficiency.  That could provide a yardstick for companies to assess the efficiency of their own data centers, and also to gauge the effectiveness of energy-saving techniques employed by other facilities.  Orchestrated by the Green Grid, an industry consortium in the U.S., the agreement is backed by the U.S. Department of Energy, the U.S. Environmental Protection Agency, the European Union Code of Conduct and the Japan Ministry of Economy, according to a statement from the Green Grid.

Monday, March 01, 2010

State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test

Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software.  Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.

Monday, February 22, 2010

Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps

Criminals hid bank card-skimming devices inside gas pumps—in at least one case, even completely replacing the front panel of a pump—in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks.  The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah.

Wednesday, January 13, 2010

IDC Expects A/P Security and Vulnerability Management Market to Achieve Largest Growth in 2010 as Or

According to the figures recently released in the IDC Asia/Pacific Semiannual Security Software Tracker, most security markets in the Asia/Pacific excluding Japan (APEJ) region are expected to post strong double-digit growth in 2010 compared to 2009.  According to the study, the largest growth will be in the Security and Vulnerability Management (SVM) market which is forecast to grow some 19% to US$115.44 million in 2010.  The Identity and Access Management (IAM) market is estimated to grow by 15.2% to reach US$ 326.38 million.

Sunday, January 10, 2010

Airport breaches on the rise nationwide

Government officials imposed stricter airport security measures after the failed Christmas Day bombing of a Northwest Airlines flight to Detroit.  Such breakdowns are rare, officials said, but a government report released in October shows breaches at U.S. airports nearly doubled over five years.  “That’s only the breaches we know about,” said Mike Boyd, president of the Colorado-based aviation consulting firm Boyd Group International.  The Transportation Security Administration reported 1,442 security breaches at the nation’s 450 commercial airports in the fiscal year ended Sept. 30, 2004, according to the Government Accountability Office report.

Friday, December 18, 2009

Security Heavyweights Predict 2010 Threats

Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators.  Social networks are going to become a prime target for cybercriminals in 2010, according to security predictions from annual security reports released this month by CA Inc., Cisco Systems Inc. and Symantec Corp.  A prediction list gathered from Independent Security Evaluators (ISE) and another list issued by Websense Inc. also anticipate increased threats on or towards major social networking sites.  Social networks were the only prediction highlighted by all five sources, but increased use of search engine optimization (SEO) attacks, short URLs and malvertising, as well as an upcoming focus on smartphones and the Mac OS X platform, were also noted on multiple accounts.

Sunday, December 13, 2009

Identity theft prevention is security spending focus

Organisations expect their largest security IT expenditure to be in identity theft and abuse prevention solutions, followed by spending to prevent external threats, unintentional privacy breaches, remote access abuse and spam.  The global survey of over 400 companies with 500 or more employees found that organisations felt they would most likely have to deal with PC theft or loss (54%), spam attack (45%), misuse or hacking (45%), and spying tools (45%) as the most likely security incidents, while external threats (52%), internal intentional misuse (49%), remote access abuse (47%), identity theft (47%), and virus attack (43%) would be the most damaging security incidents.

Thursday, December 10, 2009

Top five security challenges of 2010

Social networking sites like Twitter, LinkedIn, Facebook and MySpace will pose one of the biggest threats in 2010, according to TriGeo Network Security, a provider of security information and event management (SIEM) technology for midmarket enterprises.  According to the Identity Theft Resource Center, the number of data breaches in 2009 is on track to drop by nearly 50 percent when compared with 2008.  Two more American states will pass data breach laws.

Tuesday, December 08, 2009

Hackers Targeting Banks, Social Sites

A yearly security report released Tuesday by technology company Cisco says that banks and online social networks are growing targets for cyber criminals.  Strategies used to hack into social-networking sites include grabbing passwords and then utilizing the fact that people only have one password for all their accounts.  Cisco said that a specific computer worm has been spread to more than three million computers since 2008.

Monday, November 16, 2009

FBI Says Hackers Targeting Law Firms, PR Companies

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.  The FBI has issued an advisory that warns companies of “noticeable increases” in efforts to hack into the law firms’ computer systems—a trend that cyber experts say began as far back as two years ago but has grown dramatically.  In many cases, the intrusions are what cyber security experts describe as “spear phishing,” attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person’s business and appear to come from a trusted source.

Tuesday, November 10, 2009

SaaS Offerings May Play Key Role In Small Business Security, Report Says

Hackers don’t care how big your business is.  As a result, many small and midsize businesses today have enterprise-class security vulnerabilities—and only a fraction of enterprise security budgets.  To help close the gap, many SMBs are turning to third-party security services, according to a new report published today by Dark Reading and InformationWeek Analytics.  The report outlines some of the differences between the needs of the small business and those of the large enterprise.  “The biggest thing SMB IT pros have going for them is an intimate knowledge of how the business operates, where its sensitive data resides, and what its weak points are,” the report states.

Thursday, November 05, 2009

Canada - Beef information Service

The Beef Information Centre (BIC), which works with industry leaders in the promotion of Canadian beef, is commending McDonald’s Canada for its long-standing commitment to sourcing beef from Canadian producers.  This is especially timely in light of an Internet email hoax spreading false information about McDonald’s Canada’s beef sourcing practices.

Monday, November 02, 2009

Phishing, worms spike this year, say Microsoft and McAfee

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.  Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft’s report covering the first half of 2009.

Wednesday, October 21, 2009

Information Security Still a Priority In IT Budgets

A survey from PricewaterhouseCoopers shows that infosec budgets are seeing little in the way of cuts, and are even increasing in some cases.
Just because there’s a global economic crisis doesn’t mean the security teams at the world’s companies will be getting any kind of break in their work.

Friday, May 01, 2009

Experts Chart Spike in Cyber Sieges

Cyber attacks with enough firepower to knock entire countries off the Internet have spiked in recent months, raising fresh concerns within the security community about weaknesses in the Internet infrastructure that help create such weapons of mass disruption.  These “distributed denial of service” or DDoS attacks use robot networks or “botnets”—many hundreds or thousands of compromised PCs—to flood targets with so much junk traffic that they can no longer accommodate legitimate visitors.  While DDoS attacks have been a common threat since the dawn of the commercial Internet, DDoS watchers, such as Arbor Networks, have tracked a recent spike in the number, sophistication and size of attacks against major Internet providers.  Attackers also appear to be picking bigger targets.

Friday, March 27, 2009

New Rootkit Attack Hard To Kill

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software.  Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, process.

Tuesday, February 17, 2009

Number of reported cyber incidents jumps

Federal civilian agencies reported three times as many cyber-related incidents in fiscal 2008 as they did in fiscal 2006 to the Homeland Security Department’s office that coordinates defenses and responses to cyberattacks.  The agencies reported to DHS’ United States Computer Emergency Readiness Team (US-CERT) a total of 18,050 incidents in fiscal 2008, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006, according to DHS officials.  Overall, the total number of incidents reported to US-CERT from commercial, foreign, private, and federal, state and local government sectors rose from 24,097 in fiscal 2006 to 72,065 in fiscal 2008.

Thursday, January 29, 2009

McAfee highlights perils of offshoring sensitive data

Global companies may have lost over $1tn (£696bn) worth of intellectual property last year owing to data theft, according to new research from McAfee presented today at the World Economic Forum in Davos.  Respondents to the study indicated that they lost a combined $4.6bn (£3.2bn) worth of intellectual property last year, and spent around $600m (£418m) repairing damage from data breaches.

Friday, January 16, 2009

New Report Predicts Increased Security Spend

Hot on the heels of Forrester Research’s recent prediction that enterprise businesses will increase security spending from 11.7 percent to 12.6 percent of their overall IT budgets during 2009, gateway filtering specialists Finjan have published results of a survey that highlights even more optimistic growth estimates.

Wednesday, January 14, 2009

Gartner EXP Worldwide Survey of More Than 1,500 CIOs Shows IT Spending to Be Flat in 2009

As enterprises face a challenging economic environment, IT spending budgets will be essentially flat with a planned increase of 0.16 percent in 2009, according to results from the 2009 CIO survey by Gartner Executive Programs (EXP).  The worldwide survey of 1,527 CIOs was conducted by Gartner EXP from September 15 to December 15 2008 and represents CIO budget plans reported at that time.  Flat IT budgets were found across enterprises in North America and Europe, with slight increases in Latin America and a slight decrease in Asia/Pacific.

Monday, January 12, 2009

Cyber attacks ranked 3rd danger behind nuclear war

Cyber attacks pose the greatest threat to the United States after nuclear war and weapons of mass destruction - and they are increasingly hard to prevent, FBI experts say.  “Other than a nuclear device or some other type of destructive weapon, the threat to our infrastructure, the threat to our intelligence, the threat to our computer network is the most critical threat we face,” he added.  US experts warn of “cybergeddon”, in which an advanced economy - where almost everything of importance is linked to or controlled by computers - falls prey to hackers, with catastrophic results.

IT security spending will increase to match cybercrime threat in 2009

In light of the economic downturn and rising cybercrime attacks as indicated in Finjan’s Web Security Trends Report Q4 2008, Finjan conducted an online survey among 200 IT and security professionals.

Friday, January 09, 2009

SIEM: the Answer to Awkward Security Questions

What’s the one security question that you don’t want to be asked about your company?  The author believes it’s the same question that Her Majesty the Queen raised when she visited the London School of Economics in November 2008.  Describing the global credit crunch as “awful”, she asked an LSE professor: “Why did nobody notice what was happening?”  This exchange neatly sums up a key IT security problem.

Monday, January 05, 2009

Cyber Security Reaches “Tipping Point” in 2008; Attacks on Critical Infrastructure Systems and Cyber

The year 2008 was a time when security threats and malicious activity reached a tipping point, and 2009 stands to be the year critical infrastructure systems become prime targets for cyber criminals and the global financial crisis will be exploited for a variety of malicious activities, according to a new report released today from VeriSign (NASDAQ: VRSN) iDefense Security Intelligence Services.

Friday, December 12, 2008

Study: One-Quarter Of Antivirus Apps Aren’t Working

More than one-quarter of business PCs are running antivirus software that has been disabled or was never properly installed, according to a study that will be published on Monday.  Promisec, a company that makes endpoint management tools, conducted the study on 100,000 PCs to prove a point: that antivirus management consoles from leading vendors are not accurately reporting when their software isn’t working.
