Study: Businesses still don’t recognize insider threat

From DarkReading (Tim Wilson)
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves [darkreading.com] from insider threats, according to two new analyst reports.
Although 88 percent of the respondents to a Forrester Research study said they consider data security a “challenging issue,” some 40 percent of respondents said they had no interest in, no plans for, or no knowledge of emerging tools for information leak protection.  Read the full story [darkreading.com]  See related story from Matt Hines [eweek.com]

Understanding IPSec

This quick tutorial gives you a foundation for understanding the IPSec protocol and how it can be used to secure some online sessions.

By Andrew Jaquith
Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches.
Instead of beating your head against the wall, devolve responsibility to the business, keeping controls closest to the people who use the data. IT security should be primarily responsible only for deploying data protection technologies that require minimal or no customization. Read the full story [csoonline.com]

By Carrie-Ann Skinner, PC Advisor
The credit card details of 19,000 Brits that shopped online were freely available on Google, it has been revealed. Anyone using the search engine could have easily accessed not only the name and addresses of thousands [infoworld.com] of Visa, Mastercard and American Express card holders, but also the full card details too.
According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online.  Google confirmed the information has since been removed.

By David Neal, vnunet.com

A recent warning from AT&T’s chief security officer, Edward Amoroso, that the cost of cyber crime is running into trillions of dollars [vnunet.com] has been confirmed by security firm Finjan.

Earlier this month Amoroso and a panel of security experts told a US Senate Commerce Committee that revenues from cyber crime now exceed those of drugs crime, and are worth some $1tn (£700bn) annually. The report [PDF from senate.gov] also warned that techniques are rapidly evolving.

By Robert Lemos, SecurityFocus
A number of security-focused open-source projects have announced their participation as mentoring organizations in Google’s Summer of Code [google.com].
They include the NMap Project, the OpenSSH project and the Honeynet Project.
Read the full article [securityfocus.com]

By Joan Goodchild, CSO
“The dean of the security deep thinkers,” “security luminary, ” and “risk-management pioneer” are all phrases that have been used to describe Dan Geer. Considered one of the foremost leaders in information security, his resume includes time as president and chief scientist at Verdasys Inc, a critical role in Project Athena at MIT, and a now famous firing from @Stake for co-writing a paper warning that a Microsoft monoculture threatened national security.
These days Geer, a 2009 CSO Compass Award winner, is CISO with In-Q-Tel, a non-profit venture capital firm that invests in security technology in support of the intelligence community. Geer recently spoke with CSO [csoonline.com] and explained why, despite all he has accomplished in his past, his sights are still set toward the future of security. Read the full Q&A interview.

By Peter Ferrie, Microsoft
Another day arrives and, with it, another way to run code. This time, it’s executing arbitrary code in System Management Mode (SMM) memory. That sounds kind of exciting, right? A SMM rootkit? Does that mean that we need an anti-malware scanner for SMM memory now? Or will it just fade away? All this and more will be answered shortly. But first…

By Michael Field, Sydney Morning Herald
TelstraClear, Telstra’s New Zealand subsidiary, has hired one of the worlds best known hackers [smh.com.au] — a teenager known as “Akill”. 
Owen Thor Walker, a 19-year-old who became the subject of a US Federal Bureau of Investigation’s “Operation Bot Roast” cyber crime investigation, was part of a hacker group known as the A-Team. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.