IT Professionals


Hacker Claims Compromise of IT Recruiter

A hacker affiliated with a group called TeamGhostShell claims he hacked into a website servicing IT professionals seeking jobs on Wall Street, and in doing so compromised the personal information of thousands of job applicants, according to a ComputerWorld report.

Forrester: The Good And Bad of Security Technologies

From SC Magazine (Angela Moscaritolo)

Businesses are using a variety of technologies to help reduce the impact of threats, prevent breaches and meet compliance — but some of these products are more beneficial than others, according to a new Forrester report released Wednesday that examines the state of network threat mitigation. “Current attacks are very complex, and enterprise teams struggle to keep up,” the report states.

The report studies the benefits of many of the most popular technologies that businesses are using to secure their networks. Web application firewalls and intrusion prevention systems (IPS) are said to be necessary technologies for many businesses. At the same time, network access control (NAC) and unified threat management (UTM) technologies will continue to struggle to find a foothold, the report states. Read the full story [scmagazineus.com]. Here’s a link to the Forrester report [forrester.com].

Ponemon survey: CEOs underestimate security risks

From Computerworld (Jaikumar Vijayan)

Computerworld – Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.

The Ponemon survey of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap concerning information security issues between CEOs and other senior managers. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company’s data is under attack on a daily or even hourly basis. Download the survey (PDF).  Read the full story [computerworld.com]


From SearchSecurity.com (Robert Westervelt)
The dismal economy has put the brakes on a lot of security projects, but the need to maintain the basics and automate some security functions has fueled interest in managed security services and some specific security areas, according to analysts at Gartner Inc.
Despite the dour economy, core security software functions are on pace to continue to grow, said Adam Hils, a principal research analyst with Gartner Research. Antivirus, antimalware and email security will continue to gain interest. New projects will be driven by regulatory compliance initiatives and areas affected by cost cutting measures. Read the full story [techtarget.com]

Patch management has become, in the words of one bleary-eyed IT guy, “just freaking ridiculous.”

Here’s a look at what this IT guy, whose primary role is managing risk at a medium-sized business, was up against in the last two weeks:

From SearchSecurity.com (Rob Westervelt)

IT managers are under pressure from the top executives in their organizations to relax their policies on Web security in order to make users more productive. A new survey of more than 1,000 IT managers found that sales and marketing personnel also are leaning on IT staffs to make life easier for users who already are using tools such as Google Apps and social networking sites on their own.

Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system.

Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security.  His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it’s rather trivial to launch exploits against the Mac. Read the full story [zdnet.com]

By Matt Keil, Palo Alto Networks
Prior to January of 2007, I had very little exposure to the vast array of applications that employees use while at work. Sure, I used IM, webmail and listened to music online, but I was being paid to do a job, not entertain myself. After joining Palo Alto Networks, and analyzing 18 months’ worth of customer traffic, it has become clear to me that my application exposure is outdated. I say this because I am surprised by the broad range of applications we find running on corporate networks – business and end-user oriented. Examples include inappropriate web surfing (obviously), watching HD movies, streaming music, file sharing or running a side business. The bottom line is that employees are using their favorite applications whenever they want with little regard to the associated business and security risks.

By Tim Wilson, DarkReading/InformationWeek

We polled more than 400 business technology professionals to determine which threats they consider the most serious, how they prioritize their defensive efforts, and what plans they’ve put in place to keep their organizations’ data safe in 2009 and beyond.  We find that professionals worry about threats from outside attackers [informationweek.com], but it’s the danger from within the company that really keeps them awake at night. About 52% of more than 400 respondents say they’re most concerned about internal risks, including both accidental and malicious data compromises by employees or business partners during the course of their day-to-day activities. 
Read the full story [informationweek.com]
