Author: admini

“SMEs have to realize that just because they are small, it doesn’t mean they won’t be targeted. Bad guys target wherever they can get money. Individuals working on peer-to-peer networks often don’t realize they’re sharing the whole contents of their drive. You can find Homeland Security vulnerability assessment documents online from employees (using P2P).”

However, Schmidt said that SMEs will eventually start using managed software security services, with third-party providers managing both low-cost application level security and end-point hardware. They want automatically self-healing and self-configuring software,” said Schmidt.

Small businesses must take security into account in their planning and decide whether to outsource security, invest in training or allocate more resources. If a small enterprise does have a full-time IT manager, that manager should become familiar with security standards such as ISO 17799, he said.

McMurdie said that computer security should follow common-sense procedures.

http://news.com.com/Small+companies+ignorant+of+security/2100-7355_3-6137381.html?tag=ne.fd.mnbc

“There has been a lot of spending on network security, but the perception is there is not a lot of risk in that area,” says Forrester senior analyst Tim Sheedy. Sheedy claims that in a few years IT security will be measured much like other business metrics. Businesses will be able to factor in the actual information security risk, based on factors such as employee behaviour, system readiness and the financial ramifications of employees who expose an organization’s most sensitive information — either willingly or by accident. “Putting actual metrics — and particularly financial metrics — around security is going to be a major trend,” Sheedy said.

By 2010, says Pullen, industries like retail, construction and finished goods will have to deal with the same online nasties that plague online banking today — and most won’t be ready.

“In 37 months time I think there will be a public company either forced into chapter 11 (US bankruptcy code) or forced into bankruptcy in Australia because of a security breach that either resulted in goods being stolen from them or an incident with such an impact a company is forced to shut down,” he said.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9005164&taxonomyId=17&intsrc=kc_feat&WT.svl=bestoftheweb1

But Ted Julian, vice president of marketing for AppSec, which sells vulnerability scanning tools for databases, says the lopsided vulnerability count may be more a function of where the more valuable corporate data typically lies — in the Oracle database. “I see plenty of companies that have confidential data in SQL Server, Oracle, DB2 and Sybase. It is certainly not as if it all sits on Oracle,” he says.

But either way you slice it, hacking a database is like striking gold, whether it’s via a Web app or database bug — or both. “If you can break into a Web application, you can get access to the database using the same application,” Friedrichs says.

And you can’t count on that firewalled DMZ to protect your database anymore: Databases are most at risk to an insider threat, ESG’s Ogren says, and these attacks don’t typically use vulnerabilities at all.

http://www.darkreading.com/document.asp?doc_id=110881&WT.svl=news2_3