1. The Portable Problem
They can be the getaway vehicles for sensitive data, or the unwary carriers of viruses and other malware. It’s no surprise, then, that removable storage is at the top of the list in almost every security professional’s priority list these days. In a survey published yesterday, Centennial Software reported that 38.4 percent of attendees at the recent InfoSecurity Europe conference listed portable media as the number one security issue facing their organization. Viruses finished second at 23.7 percent; spyware garnered 22.3 percent. “It comes up in every conversation I have with a customer,” says Steve Stasiukonis, vice president and founder of Secure Network Technologies, a penetration testing firm. According to a study published two weeks ago by Senforce Technologies, 73 percent of IT professionals say their organization houses critical data on removable devices such as laptops, thumb drives, and iPods. Twenty-three percent of the respondents said their organization had reported a network security breach in the last 12 to 18 months, and another 25 percent said they didn’t know whether such a breach had occurred.
2. Web Two Point Zero-Day?
In tests of some 31,000 Websites last year, the Web Application Security Consortium exposed more than 148,000 vulnerabilities, according to the latest WASC statistics. As with portable devices, the problem with emerging Web applications — sometimes collectively called Web 2.0 — is that the popularity of the technology is rapidly outstripping the IT organization’s ability to secure them. Fortify Software earlier this month reported a new wave of Internet attacks targeting Web 2.0 sites and the Ajax applications that have helped make them so dynamic.
3. Attacker Inside!
Corporations have always been concerned about security leaks and insider attacks.
4. Endpoint End Game
Networks and applications are nice, but most hackers’ favorite target is a nice, blissfully-ignorant end user. Some 25,090 (13 percent) of the corporate PCs surveyed had unauthorized USB devices attached to them. Whether it’s Cisco’s NAC, Microsoft’s NAP, or any one of a dozen other endpoint security strategies, corporations need to find a solution, and fast.
5. Botnet Bugaboo
When attackers crippled two of the Internet’s key Domain Name Service servers in February, it was bad enough. But now experts are telling us that the attack might have been a prologue to a much larger attack, or perhaps even a sales demo for a botnet seller. BBC News today is reporting that some companies have begun hiring hackers to launch botnet attacks on their competitors, creating spam networks or crippling their rivals’ networks with botnet traffic. And with zero-day vulnerabilities discovered in Microsoft’s DNS just a few weeks ago, the botnet threat is greater than ever, experts say. “Botnets are pervasive on the Internet and use zero-day vulnerabilities, such as Microsoft’s DNS vulnerability, to grow their armies,” said Ashar Aziz, CEO of security company FireEye. “Botnets enable theft of enterprises’ customer data and intellectual property, and can be used to commit fraud and crime on a large scale.
http://www.darkreading.com/document.asp?doc_id=123294&WT.svl=news2_3