HBGary CEO Speaks Out On Anonymous Hack

Greg Hoglund, CEO of HBGary, admits that lackluster security at his company played a central role in the breach that led to the release of some 50,000 company emails, but also disputes common understanding and reported details of the hack and the group behind it, going so far as to say there was actually no hack at all.

Windows Loses Hacker Star Status In Next Decade

The next decade will see Microsoft lose its grip as the most-used and most attacked platform, as a new generation of hackers and cybercriminals diversify, launching attacks on a growing population of mobile devices and computers that run operating systems other than Windows, according to Kaspersky Lab’s 2020 cybercrime outlook.

Forrester: The Good And Bad of Security Technologies

From SC Magazine (Angela Moscaritolo)

Businesses are using a variety of technologies to help reduce the impact of threats, prevent breaches and meet compliance — but some of these products are more beneficial than others, according to a new Forrester report released Wednesday that examines the state of network threat mitigation. “Current attacks are very complex, and enterprise teams struggle to keep up,” the report states.

The report studies the benefits of many of the most popular technologies that businesses are using to secure their networks. Web application firewalls and intrusion prevention systems (IPS) are said to be necessary technologies for many businesses. At the same time, network access control (NAC) and unified threat management (UTM) technologies will continue to struggle to find a foothold, the report states.

From (Rob Westervelt)

IT managers are under pressure from the top executives in their organizations to relax their policies on Web security in order to make users more productive. A new survey of more than 1,000 IT managers found that sales and marketing personnel also are leaning on IT staffs to make life easier for users who already are using tools such as Google Apps and social networking sites on their own.

By Matt Keil, Palo Alto Networks
Prior to January of 2007, I had very little exposure to the vast array of applications that employees use while at work. Sure, I used IM, webmail and listened to music online, but I was being paid to do a job, not entertain myself. After joining Palo Alto Networks, and analyzing 18 months' worth of customer traffic, it has become clear to me that my application exposure is outdated. I say this because I am surprised by the broad range of applications we find running on corporate networks – business and end-user oriented. Examples include inappropriate web surfing (obviously), watching HD movies, streaming music, file sharing or running a side business. The bottom line is that employees are using their favorite applications whenever they want with little regard to the associated business and security risks.

From Techworld (Maxwell Cooter)

Enterprises are struggling to control the use of consumer applications within the workplace, despite the panoply of security tools being used within corporates.

According to new research, nearly half of all bandwidth within corporate environments is being consumed by personal applications such as YouTube, peer-to-peer filesharing and various other consumer applications. Peer-to-peer is a particularly frequent problem, and according to the research, an average of six P2P applications were found in 92 percent of the organisations surveyed.

We recently conducted a project focused on confidential data security that will be published soon. However, here are some interesting advance results that support this venerable security dictum. ESG asked 308 North American and European security professionals from large organizations (i.e. 1,000 employees or more) a number of questions about data security risks, policies, and technology safeguards. When asked to define the most important measures for protecting confidential data, nearly half of all respondents said, “communicating and training users on confidential data security policies.” This was the top response followed by, “physical security,” and “access controls for private data.”
