For security professionals, the awake-at-night issues keep changing. Security threats, apparently, are like politically-incorrect comments by Don Imus: There’s a new one every few minutes. And so, in one final nod to Dark Reading’s first anniversary this week, they’ve done some research on security professionals’ current concerns, and those they foresee in the immediate future. The following is a synopsis of what they found. As you’ll see, some of the top issues and priorities in IT security have shifted significantly in the scant four months since we last asked this question. But read it fast — the next sea change can’t be far away.<\/p>\n","protected":false},"excerpt":{"rendered":"
1. The Portable Problem
\nThey can be the getaway vehicles for sensitive data, or the unwary carriers of viruses and other malware. It’s no surprise, then, that removable storage is at the top of the list in almost every security professional’s priority list these days. In a survey published yesterday, Centennial Software reported that 38.4 percent of attendees at the recent InfoSecurity Europe conference listed portable media as the number one security issue facing their organization. Viruses finished second at 23.7 percent; spyware garnered 22.3 percent. “It comes up in every conversation I have with a customer,” says Steve Stasiukonis, vice president and founder of Secure Network Technologies, a penetration testing firm. According to a study published two weeks ago by Senforce Technologies, 73 percent of IT professionals say their organization houses critical data on removable devices such as laptops, thumb drives, and iPods. Twenty-three percent of the respondents said their organization had reported a network security breach in the last 12 to 18 months, and another 25 percent said they didn’t know whether such a breach had occurred.<\/p>\n
2. Web Two Point Zero-Day?
\nIn tests of some 31,000 Websites last year, the Web Application Security Consortium exposed more than 148,000 vulnerabilities, according to the latest WASC statistics. As with portable devices, the problem with emerging Web applications — sometimes collectively called Web 2.0 — is that the popularity of the technology is rapidly outstripping the IT organization’s ability to secure them. Fortify Software earlier this month reported a new wave of Internet attacks targeting Web 2.0 sites and the Ajax applications that have helped make them so dynamic.<\/p>\n
3. Attacker Inside!
\nCorporations have always been concerned about security leaks and insider attacks. <\/p>\n
4. Endpoint End Game
\nNetworks and applications are nice, but most hackers’ favorite target is a nice, blissfully-ignorant end user. Some 25,090 (13 percent) of the corporate PCs surveyed had unauthorized USB devices attached to them. Whether it’s Cisco’s NAC, Microsoft’s NAP, or any one of a dozen other endpoint security strategies, corporations need to find a solution, and fast.<\/p>\n
5. Botnet Bugaboo
\nWhen attackers crippled two of the Internet’s key Domain Name Service servers in February, it was bad enough. But now experts are telling us that the attack might have been a prologue to a much larger attack, or perhaps even a sales demo for a botnet seller. BBC News today is reporting that some companies have begun hiring hackers to launch botnet attacks on their competitors, creating spam networks or crippling their rivals’ networks with botnet traffic. And with zero-day vulnerabilities discovered in Microsoft’s DNS just a few weeks ago, the botnet threat is greater than ever, experts say. “Botnets are pervasive on the Internet and use zero-day vulnerabilities, such as Microsoft’s DNS vulnerability, to grow their armies,” said Ashar Aziz, CEO of security company FireEye. “Botnets enable theft of enterprises’ customer data and intellectual property, and can be used to commit fraud and crime on a large scale.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=123294&WT.svl=news2_3<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2185","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2185"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2185\/revisions"}],"predecessor-version":[{"id":4672,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2185\/revisions\/4672"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}