Category: Trends

“While there’s still some skepticism out there — security was also cited as one of the top three factors keeping companies from engaging a managed service provider — there are some providers that have reached a kind of ‘trusted advisor’ status, and they are being engaged more and more frequently to deliver security services,” says Richard Rysiewicz, vice president of services at CompTIA.

RSA president Art Coviello announced a few weeks ago that his division will be working with parent company EMC’s professional services division for risk assessment for enterprises. And BT, which acquired MSSP Counterpane last year, is quietly making a major push into large, global enterprises, according to security guru Bruce Schneier, CTO of BT Counterpane.

“It’s not a choice between doing it in-house and doing it out-of-house.”

The trust issue is a plus for Internet Security Systems, the formerly-independent security vendor that now has become IBM’s arm for delivering managed security services.

Tom Noonan, a founder of ISS who now heads up IBM’s security efforts, says that rather than serving as an add-on, security is now driving many outsourcing projects. He says the researchers “were surprised” when security showed up in the top three reasons for selecting a supplier, just behind quality of service and price.

http://www.darkreading.com/document.asp?doc_id=117795&WT.svl=news1_4

The ITM study, sponsored by McAfee, examined in mobile operators’ past experiences, current attitudes and future plans with regards to mobile security.

In line with the growing importance of mobile security to service providers, 85 per cent plan to increase their mobile security budgets to tackle issues including network intrusion, mobile viruses, denial-of-service attacks, spam and mobile phishing (SMiShing).

http://archive.gulfnews.com/articles/07/02/17/10104899.html

The company this week released its IT Risk Management Report. Over the course of a year, Symantec analysts surveyed 500 IT executives and managers about the risks that their organizations are facing.

“As organizations are growing more and more dependent on their IT systems to conduct business, IT risk has become a primary concern for business leaders,” said Greg Hughes, an executive VP with Symantec, in a statement.

http://www.darkreading.com/document.asp?doc_id=116628&WT.svl=cmpnews2_3

Sophos has seen more than 2,500 variants of the Dorf malware, almost a third of the new threats identified during January 2007. The majority were intercepted by Sophos’ proactive Behavioral Genotype Protection technology even before they were formally identified as belonging to the Dorf family of malware.

http://www.vnunet.com/vnunet/news/2173872/dorf-storms-top-malware-charts

“People are running scared with their hair on fire,” said Troy Allen, a risk consultant and CEO of security firm Kroll’s Fraud Solutions unit.

When Pennsylvania’s Geisinger Health Systems learned personal data of some of its patients might be exposed as a result of a laptop theft, it offered ID theft protection from American Insurance Group (AIG). Begun in 2006, the policy covers businesses, providing up to $25 million in coverage for companies facing costs, including legal, regulatory and other.

“Password protection only is very weak,” Yankee Group’s Sal Capizzi said.

Boeing had a policy requiring data downloaded be encrypted, but an employee skipped encryption.

Allen predicts firms will also restrict or ban downloading data to CD or USB flash drives. “Employers will begin insisting that more information exchange takes place via secure online transfer,” Allen said in a statement.

Kroll is advising data minimization, a concept counter to the prevailing belief that customer information is an advantage.

For Allen, excuses that a stolen laptop was only a “smash and grab” where thieves aren’t interested in the data stored there doesn’t hold water.

Not satisfied with a few hundred or thousand data files, criminals will turn to social engineering to gain access to data, according to Allen.

http://www.internetnews.com/bus-news/article.php/3654211

The painful indication of these 2006 attacks is that there seems to be a trend of e-commerce businesses themselves using e-space to launch DDoS attacks or hack websites of their rivals. Mr. Nguyen Hoa Binh (Director of PeaceSofts chodientu.com), Mr. Phung Minh Bao (VietCo JSC) and Mr. Vu Trung (Director of Nhan Hoa) all said that somebody must be playing foul.

According to VNCERTs report titled “Increasing Co-operation in Preventing E-Commerce Crimes which was read at the November 9 conference, the most popular unhealthy competition method among Vietnamese e-commerce businesses was to “hire hackers to destroy rivals operations. VNCERT warned of 5 common e-commerce crimes: 1 International swindling through emails (phising); 2 Falsifying, transacting and laundering money through credit cards; 3 Developing bot networks to refuse services, send spam emails and pops-up; 4 Attacking e-commerce systems for business and competition reasons; 5 Sending spam emails to Vietnams e-space on a large scale.

Looking ahead to what will be awaiting e-security in 2007, many worry about the prospect of the large-scale online destruction and mushrooming of botnets developed by Vietnamese hackers for commercial reasons.
These botnets are chiefly engaged in such activities as sending spam emails on a large scale, phising, stealing information, refusing services or laundering money. In the near future, Vietnamese hackers may catch up with foreign ones in setting up their own ingeniously destructive networks. It is now unclear how ISPs and responsible authorities will face the new e-security trend in e-commerce in 2007. But according to Mr. Hoang Ngoc Dieu, an expert on e-commerce solutions in Sydney (Australia), as well as the HVA forums administrator, 2007 will be the threshold year of Vietnamese e-commerce.

http://english.vietnamnet.vn/biz/2007/01/654412/