Category: Trends

In mid-May, Saudi Arabia admitted that some of its government websites had come under a sustained denial of service attack, with a group called Saudi Anonymous using Twitter to not just claim responsibility but also provide a running commentary of its actions and targets in both Arabic and English, finally declaring on 18 May that: “Today is our last day on #OpSaudi, moi.gov.sa [Ministry of Interior] will be our last target.”

But while the attacks on Virgin Radio and Saudi government sites are a malicious inconvenience, the big threat now is around the major industries of the Middle East.

But it also brought home to organisations in the Middle East that cyberattacks were a real threat, it highlighted the importance of strong security systems and caused some internal soul searching. If Iran’s nuclear facilities can be hit, then could the same happen to the region’s oil and gas facilities, so important to the economies of the oil-exporting nations, or the power and water desalination plants?

One of the world’s most valuable companies, at an estimated $10 trillion, and the world’s biggest oil producer, pumping about 12.5 million barrels a day from its fields, Aramco was hit by a malware attack that infected 30,000 computers.

Now, security experts elsewhere are warning that the instances of attacks emanating from the Middle East is rising fast, with around 10 US utility companies the target of attempts to take over plant processes (sound familiar?).

Link: http://www.zdnet.com/cyber-retaliation-how-security-is-becoming-a-priority-for-the-middle-east-7000017197/

He explained there was a correlation between applications used for business transactions in more connected locations, which leads to them having a higher chance of being infected.

Singapore for example, was one of the countries with the highest number of infected computers by Citadel, because it was one of the most connected nations worldwide, Poczobutt pointed out.

Moving forward, IT managers should not just respond to the latest botnet attacks but make sure there is a way to tackle attacks used commonly such as SQL injections which steal data from Web-based applications, he noted.

“I think of a botnet as an infrastructure, I can make it perform different attacks and there are different limits to the kinds of specific botnet attacks that can be launched,” Poczobutt noted, adding the constant evolution of botnets is “like a cat and mouse game”.

Link: http://www.zdnet.com/botnets-now-target-enterprise-apps-7000017125/

Many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider,” said Mr. Such decisions are easier if employee performance information is stored in an HR management system, customer information is stored in a CRM system, and financial and business information is stored in an ERP system. Regardless of the specific privacy standard and cross-border transfer mechanism used, the most difficult challenge for organizations is to make such rules binding on all entities involved, including all employees, and accept liability in cases where employees or customers suffer harm. Given that this information can be accessed from the other end of the world in a fraction of a second, the physical location should be increasingly irrelevant. Yet this physical location is still what many regulators insist on, although the legal location should be most relevant from a regulatory perspective. As an example, personal data might be stored in a data center of a U.S. cloud provider, which is operated by a third-party service provider from India.

This report is part of the Gartner Special Report “The Future of Global Information Security” The special report can be viewed at http://www.gartner.com/technology/research/security-risk-management/ and includes links to reports and commentary that explore the major tectonic forces at play that will change how business use of technology will be dramatically changed by rapid escalations in threat, defense and societal demands.

This summit is the premier gathering for senior IT and business executives across IT security and risk management, including privacy, compliance, business continuity management (BCM), IT disaster recovery and business resiliency. The summit offers five role-based programs that delve into the entire spectrum of IT security and risk, including: network and infrastructure security; identity and access management (IAM); compliance; privacy; fraud; BCM; and resilience.

Link: http://bw.newsblaze.com/release/2013061206482800001.bw/topstory.html

Mobile security incidents common and costly for large & small firms – 52% of large businesses report mobile security incidents have cost more than $500,000 in the past year, in staff time, legal fees, fines and remediation.

Android has the greatest perceived security risks – Android was cited by 49% of businesses as the platform with greatest perceived security risk (up from 30% last year), compared to Apple, Windows Mobile, and Blackberry.

Lost data is the biggest concern in mobile security incidents – 94% of respondents said lost information was their biggest concern in a mobile security incident; just 10% expressed concern over a compliance violation or fine.

Tomer Teller, security evangelist and researcher at Check Point Software Technologies, said: “Without question, the explosion of BYOD, mobile apps, and cloud services, has created a herculean task to protect corporate information for businesses both large and small.

Link: http://security.cbronline.com/news/survey-shows-79-of-businesses-experienced-a-mobile-security-incident-in-past-year