TechJournal South

Archive for the ‘Security’ Category

Tests: Panda ranks first among free anti-virus programs

Thursday, April 5th, 2012

Panda Cloud Antivirus Free Edition, a cloud-based antivirus program, has been ranked first in performance tests run by the prestigious AV-Test.org independent lab.

This is the fourth consecutive AV-Test.org certification for Panda’s free antivirus solution.

The institute evaluated the protection, repair, usability and performance impact of 23 home user and eight corporate antivirus products in Windows 7 in January and February 2012.

To see a graph of the test results: http://prensa.pandasecurity.com/wp-content/uploads/2012/03/av-test-201202.jpg.

Both Panda’s free antivirus solution and Panda Internet Security 2012 have been certified by AV-Test.org with an overall score of 14.5.

Panda Cloud Antivirus Free Edition was the best free antivirus software, outperforming multiple paid solutions and achieving top rankings in usability (5.5 out of 6 points).

In terms of accuracy, Panda Cloud Antivirus recorded only one false positive – a legitimate file erroneously tagged as malware – out of the more than 500,000 test files, whereas the other products tested averaged six such false positives.

In addition, it obtained an excellent score in protection (5 points), well above the average of the other solutions tested.

AV-Test evaluations measure how much each solution impacts overall system performance while still delivering good levels of protection.

Of all products tested, Panda Cloud Antivirus Free Edition had the least impact on system performance, registering 40 percent below the average of the other products analyzed.

The full report is available at: http://www.av-test.org/en/tests/test-reports/.

Industry, government efforts cause sustained drop in spam

Wednesday, April 4th, 2012

Industry and government efforts have dealt a significant blow to spam, Commtouch® (Nasdaq: CTCH) reported today in its April 2012 Internet Threats Trend Report.

The report is compiled based on a comprehensive analysis of more than 10 billion transactions handled by Commtouch’s GlobalView™ Cloud on a daily basis.

This time last year, spam levels were around the 150 billion mark daily, just before the takedown of the Rustock botnet. Spam levels dropped immediately after that takedown and have continued to decrease ever since. In the first quarter of 2012, an average of 94 billion spam emails were sent per day.

Many factors at work

“The sustained decrease in spam over the last year can be attributed to many factors, including: botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas,” said Amir Lev, Commtouch’s chief technology officer.

“However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware.”

Specific social engineering campaigns of note this quarter focused on the U.S. tax season, targeting both consumers and members of the accounting profession.

Facebook remains a popular outlet, with a social engineering campaign featuring “an unwatchable video.”

Commtouch’s GlobalView Cloud has unique threat intelligence collection and analysis capabilities that form the basis for the data in the report, as well as Commtouch’s email security, Web filtering and antivirus solutions.

This threat intelligence is supplemented with information from numerous Commtouch Security Alliance partners.

Additional data from the trend report:

  • Pornographic websites were the category most likely to contain malware
  • Pharmaceuticals and replicas were the most popular spam topics in Q1
  • India keeps its title as the country with the most zombies – 19.2% of all zombies worldwide
  • 270,000 zombies were activated daily for malicious purposes

More details, including an infographic, and a brief presentation summarizing the trend report, are available at: http://www.commtouch.com/threat-report-april-2012.

More than 10M people exposed to drive-by exploits by websites (infographic)

Wednesday, April 4th, 2012

An analysis of the world’s top 25,000 websites by security firm Barracuda Networks Inc. shows that drive-by exploits exposed more than 10 million users to drive-by downloads and other risks in February. The findings are disturbing, to say the least. Here’s an infographic summarizing the study findings.

threat infographic

Additional highlights of the study include:

  • Each day two of the top 25,000 domains serve malicious content, statistically guaranteeing that at least one popular website will serve malicious content every day.
  • The top-ranked domains served malicious content 23 of the days in February, proving that this problem is not isolated and occurs on a continuous, regular basis.
  • The top-ranked domains that served malicious content spanned across 18 different countries, demonstrating that this problem has no geographic barrier.
  • Over 97 percent of sites that served malicious content were at least one year old; over half were on sites more than five years old. This indicates that attackers use well-established, long-lived websites for their drive-by download campaigns.

“Web security has shifted. If you are a popular website or company, the attackers want access to your users. Good sites gone bad is a serious problem,” said Dr. Paul Judge, chief research officer at Barracuda Networks. “Users must be careful when visiting even long-time trusted sites and also more than ever legitimate websites must take steps to protect their websites from compromise.”

Resources:

Ten tips businesses can use to protect customers

Thursday, March 29th, 2012

It has been four years since the world worried about the havoc a virus called “Conficker” might wreak online on April Fool’s Day, and new threats, including the ramped-up spread of botnets, virus-laden advertising and malicious spear phishing, are still increasing.

The Online Trust Alliance (OTA) has released its annual “Top Ten Ways Businesses Can Protect Consumers from Being Fooled,” a list of simple-to-employ recommendations for businesses and government agencies to help protect their customers’ and employees’ personal data, financial assets and devices from being compromised.

OTA, with data from the FBI, Secret Service and forensics experts, developed the list to address the most common and dangerous threats based on a review of thousands of data loss and identity theft incidents.

Businesses overlooking fundamentals

“While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data,” said Craig Spiezle, executive director and president, Online Trust Alliance.

“We have a shared responsibility to harden our systems and those of our customers.  Secure and confident customers are good for business and for the long-term vitality of the digital economy.”

“I want to thank OTA for promoting stronger cyber privacy, security, and resilience,” said Senator Joe Lieberman. “The same way you lock up your business at night to deter criminals, you need to lock up your computer so you’re a less tempting target. OTA’s simple and inexpensive security tips can help our business community take a byte out of cyber crime.”

Top Five from top ten list

OTA’s 2012 Top 10 Recommendations address the most frequent exploits including botnets, malicious email, phishing and deceptive websites. An excerpt of the full list follows: 

  1. The browser is the first line of defense, yet over 40% of users have outdated and insecure browsers, lacking integrated anti-phishing, malware protection and online tracking privacy controls. “Why Your Browser Matters” is a helpful resource for all businesses to provide “teachable moments” to site visitors to upgrade their browser at no cost.
  2. Upwards of 10% of computers are infected by “botnets”. Scan your systems weekly with tools and resources to help detect, prevent and remediate the threats.
  3. Deceptive and malicious email continued to grow in the past year, targeting business users, government agencies and consumers. Implement Email Authentication to reduce the incidence of spoofed and forged email, which may lead to identity theft and the distribution of malware, and tarnish your brand reputation.
  4. Cybercriminals are increasingly snooping and eavesdropping on wireless connections, including airports, coffee shops and the library. Always-on SSL (AOSSL) encrypts all connections and communication — including users’ names and passwords. This standard is now implemented by leading sites including Twitter, Facebook, PayPal and Microsoft.
  5. Enable automatic patch management for operating systems and applications, including add-ons and plugins. Proactive patch management can harden your system against known vulnerabilities. End-of-life applications that are no longer supported should be removed or used in isolated and secure sessions.
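
The email-authentication item in the list names the control without showing how to check it. The following is an added example, not OTA's or the original post's code: it evaluates a domain's published SPF and DMARC TXT records for the gaps that let forged mail through. The domain names and record strings are constructed samples, and DNS lookups are left out so it runs offline.

```python
"""Evaluate a domain's published email-authentication posture from its SPF
and DMARC TXT records.  Records are passed in as strings (constructed samples
below); DNS resolution is deliberately left out so this runs offline."""
import re

SPF_QUALIFIERS = "+-~?"
# Terms that cost a DNS lookup under SPF's limit of 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}


def parse_spf(record):
    """Split an SPF record into (mechanisms, modifiers, all_qualifier).

    mechanisms is a list of (qualifier, term) pairs, modifiers a dict such as
    {"redirect": "_spf.example"}, and all_qualifier the qualifier on the
    terminal 'all' ('+', '-', '~', '?') or None if no 'all' is present.
    Returns None when the string is not an SPF record at all.
    """
    if not record or not record.lower().startswith("v=spf1"):
        return None
    mechanisms, modifiers, all_qual = [], {}, None
    for term in record.split()[1:]:
        name, sep, value = term.partition("=")
        if sep and ":" not in name:             # modifier, e.g. redirect=, exp=
            modifiers[name.lower()] = value
            continue
        qual = "+"                              # default qualifier is "pass"
        if term[0] in SPF_QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.lower() == "all":
            all_qual = qual
        else:
            mechanisms.append((qual, term))
    return mechanisms, modifiers, all_qual


def parse_dmarc(record):
    """Parse a DMARC record into a {tag: value} dict; None if not DMARC."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_email_auth(spf_record, dmarc_record):
    """Return a list of findings; an empty list means the domain publishes an
    SPF record that fails forged senders and an enforcing DMARC policy."""
    findings = []
    spf = parse_spf(spf_record)
    if spf is None:
        findings.append("SPF: no record; any host may claim to send for this domain")
    else:
        mechanisms, modifiers, all_qual = spf
        if all_qual in ("+", None) and "redirect" not in modifiers:
            findings.append("SPF: no restrictive 'all' term; forged senders are not rejected")
        elif all_qual == "?":
            findings.append("SPF: '?all' is neutral and gives receivers nothing to act on")
        lookups = sum(1 for _, m in mechanisms
                      if re.split(r"[:/]", m, maxsplit=1)[0].lower() in LOOKUP_TERMS)
        lookups += 1 if "redirect" in modifiers else 0
        if lookups > 10:
            findings.append(f"SPF: {lookups} lookup terms exceed the limit of 10 (permerror)")
    dmarc = parse_dmarc(dmarc_record)
    if dmarc is None:
        findings.append("DMARC: no record; receivers get no policy for failing mail")
    else:
        policy = dmarc.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        elif policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: unrecognised or missing policy {policy!r}")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so aggregate reports are never received")
        pct = dmarc.get("pct", "100")
        if pct.isdigit() and int(pct) < 100:
            findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    return findings


# Constructed sample records for fictitious domains (not real DNS data).
SAMPLES = {
    "weak.example": ("v=spf1 include:_spf.mail.example.net +all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "hardened.example": ("v=spf1 mx include:_spf.mail.example.net -all",
                         "v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example; pct=100"),
    "silent.example": (None, None),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        findings = assess_email_auth(spf, dmarc)
        print(domain, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

To use it against a live domain, feed the TXT records for the domain and for its `_dmarc` subdomain into `assess_email_auth`.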

Complete list has more

The complete 2012 list also includes steps regarding protections of internal infrastructures to safeguard customer data and business continuity. The list builds on OTA’s 2012 Data Protection and Breach Readiness Guide, released in January, which identifies key recommendations to help businesses protect their data and be prepared for a breach and data loss incident.

The guide highlighted that in 2011, over 125 million people were affected by data loss incidents costing businesses over $6.5 billion. Almost half of 2011’s breaches could have been avoided through implementation of simple or intermediate controls as outlined in OTA’s recommendations.

To view the complete and updated list for 2012 on ways businesses can protect consumers from being fooled, please go to: https://otalliance.org/2012tips.html.

World Backup Day a good opportunity for SMBs to review data protection

Thursday, March 29th, 2012

One-third of small-to-midsize businesses (SMBs) allow employees to select their own method of backup for their data at work – essentially passing the buck when it comes to data protection, says online backup service Mozy.

This is concerning because companies that don’t provide formal policies instead rely on uncoordinated backup practices that can leave business owners susceptible to significant risks in the event of data loss.

World Backup Day March 31st is an excellent opportunity for SMBs to reevaluate their company backup policies. They can then implement a safe and reliable protection service for their valuable company and client data.

The Mozy survey of more than 640 SMBs was conducted by independent research firm Compass Partners to identify employees’ and executives’ habits and attitudes about backup and data security.

Many don’t have safe backup strategies

The survey found that a significant number of SMBs don’t implement safe backup strategies – despite well-documented risks for loss of sensitive client and company data. Incredibly, 60 percent of companies surveyed do not budget for any form of backup; and only 15 percent of SMBs use remote, automatic online backup.

Of those businesses that do data backups regularly, the survey found the most prevalent methods are those that can most easily be lost, stolen, deleted or destroyed – such as external hard drives (53 percent use them) without some type of online backup connection, company servers (36 percent) and USB thumb drives (31 percent).

A surprising 10 percent of professionals surveyed say they email themselves copies of documents as one form of backup.

“The reality is that businesses often ignore backup options until after they have suffered the consequences of data loss,” said Russ Stockdale, General Manager, Mozy.

“With World Backup Day this weekend, it provides a timely reminder that professionals need to take steps to implement companywide backup policies and practices that ensure business and client data is protected.”

Survey participants included professionals in the financial, real estate, medical, construction and legal industries.

Across all industries, risky behavior surrounding sensitive data protection is common, the survey found, and when data is lost, it is rarely recovered. In the last year, nearly 50 percent of all businesses surveyed reported that an employee’s hard drive had crashed, and in 72 percent of the cases data was not fully recovered.

Steps to take

“Professionals should take the following steps to implement backup practices,” continued Stockdale.

“First, find a secure and reliable cloud service to complement a local backup device, which by itself can easily be destroyed, damaged or misplaced.

“Second, the offsite service chosen should automatically back up data, be user-friendly and should emphasize data security and privacy through a strong encryption method.

“Finally, companies should extend backup policies to include strategies for protecting the data on mobile devices, as analysts predict a surge in employees using personal smartphones or tablets for business purposes throughout 2012.”

Stay safe: social media security basics (infographic)

Thursday, March 29th, 2012

Veracode Inc., which sells cloud-based application security testing, has created an infographic on Social Media Basics.

This infographic examines various types of targeted attacks and focuses on malware’s history of infecting Twitter and Facebook.

To minimize risks, the image summarizes advice such as being aware of trending topics as a popular lure, protecting passwords and being wary of Facebook spam. In a related webinar, Veracode addresses the ubiquity of social media applications and the challenges facing enterprise infosecurity organizations in how they manage usage across the workforce. The webinar is available on-demand at http://veracode.com/social-media-security.

“This infographic reinforces that enterprises must balance the allure of social media with risks for viruses and attacks,” said Connie Stack, vice president of corporate marketing, Veracode. “While it may not be realistic to have your workforce avoid all forms of social media, it’s important to educate employees on social media safety and best practices to reduce a company’s risk from costly losses and data theft.”

security infographic

Data breach vulnerabilities in the workplace exposed

Friday, March 23rd, 2012

Many business professionals don’t realize that when their company’s confidential information is at risk, so too is the information of its clients, vendors, customers and employees.

Released today, Fellowes’ Workplace Data Security Report  found that 81 percent of office employees have access to paper documents containing sensitive workplace information, yet only 62 percent cite their company as having a data security policy on which employees are trained.

Some of those untrained employees may be leaving their companies vulnerable to a security breach, as the survey also reports that nearly a quarter of employees leave sensitive paper documents on top of their desks.

According to the study, office employees may unwittingly contribute to a digital or paper-based security breach by practicing other risky behaviors:

  • Approximately one in four (26 percent) leave their computers unlocked when away from their desk
  • Fifteen percent throw paper documents containing sensitive information in the trash
  • Only 60 percent maintain a secure firewall
  • Less than half of respondents (44 percent) ensure their mail is safe by sending it through a secure mailbox

“Whether electronic or in paper form, confidential information in the workplace is a hot item for theft and the methods employed by criminals to obtain this information are constantly evolving,” said John Sileo, national identity theft expert. “With smart prevention measures, you can help your company avoid a costly breach that can lead to personal consequences – like identity theft.”

Smart Practices for the Workplace

Having learned a great deal from suffering a security breach within his own business, Sileo travels the country educating businesses about ways to prevent the crime.

“Data protection can be simple as long as the proper procedures are in place and widely practiced,” continued Sileo.

He offers five key pieces of advice when speaking with business employees:

  1. Lock your office when you leave for the day to prevent anyone accessing it after hours
  2. Ensure your computer is locked with a secure password containing a unique combination of letters and numbers
  3. Ask your IT department to check that your firewall is secure and up-to-date
  4. Don’t leave paper documents on your desk or in common printing areas and store important documents in a locked filing cabinet
  5. Shred no-longer-needed documents with a Cross-Cut shredder, like Fellowes’ 79Ci

For more information about data breach prevention and Fellowes’ 79Ci, visit www.fellowes.com.


Seven tips for keeping hacktivists out of your network

Thursday, March 22nd, 2012

Cyber hacking to advance political or social causes has seen a dramatic rise, but the “Verizon 2012 Data Breach Investigations Report” found that 97 percent of the attacks were avoidable, without the need for organizations to resort to difficult or expensive countermeasures.

For our story on the report, see: Hacktivism sees dramatic rise

Here are Verizon’s recommendations for keeping hacktivists and cyber criminals out of your network.

Recommendations for Enterprises

  1. Eliminate unnecessary data. Unless there is a compelling reason to store or transmit data, destroy it.  Monitor all important data that must be kept.
  2. Establish essential security controls. To effectively defend against a majority of data breaches, organizations must ensure fundamental and common sense security countermeasures are in place and that they are functioning correctly. Monitor security controls regularly.
  3. Place importance on event logs. Monitor and mine event logs for suspicious activity – breaches are usually identified by analyzing event logs.
  4. Prioritize security strategy. Enterprises should evaluate their threat landscape and use the findings to create a unique, prioritized security strategy.

Recommendations for Small Organizations

  1. Use a firewall. Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.
  2. Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorized access.
  3. Monitor third parties. Third parties often manage firewalls and POS systems. Organizations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.

Breaches are a global phenomenon: [image, copyright Verizon Wireless. All Rights Reserved.]

The DBIR can be downloaded in full at: www.verizon.com/enterprise/2012dbir/us 

Hacktivism – cyberhacking for political or social purposes seeing dramatic rise

Thursday, March 22nd, 2012


The “Verizon 2012 Data Breach Investigations Report” reveals the dramatic rise of “hacktivism” — cyberhacking to advance political and social objectives.

In 2011, 58 percent of data stolen was attributed to hacktivism, according to the annual report released today from Verizon.

The new trend contrasts sharply with the data-breach pattern of the past several years, during which the majority of attacks were carried out by cybercriminals whose primary motivation was financial gain.

Seventy-nine percent of attacks represented in the report were opportunistic.  Of all attacks, 96 percent were not highly difficult, meaning they did not require advanced skills or extensive resources.

Additionally, 97 percent of the attacks were avoidable, without the need for organizations to resort to difficult or expensive countermeasures. 

The report also contains recommendations that large and small organizations can implement to protect themselves. See: Seven tips for keeping hacktivists out of your network.

Now in its fifth year of publication, the report spans 855 data breaches across 174 million stolen records – the second-highest data loss that the Verizon RISK (Research Investigations Solutions Knowledge) team has seen since it began collecting data in 2004.

Five partners joined in the report

Verizon was joined by five partners that contributed data to this year’s report: the United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.

“With the participation of our law enforcement partners around the globe, the ’2012 Data Breach Investigations Report’ offers what we believe is the most comprehensive look ever into the state of cybersecurity,” said Wade Baker, Verizon’s director of risk intelligence.

Goal: increase awareness of global cybercrime

“Our goal is to increase the awareness of global cybercrime in an effort to improve the security industry’s ability to fight it while helping government agencies and private sector organizations develop their own tailored security plans.”

The report findings reinforced the international nature of cybercrime.  Breaches originated from 36 countries around the globe, an increase from 22 countries the year prior.  Nearly 70 percent of breaches originated in Eastern Europe, with less than 25 percent originating in North America.

External attacks remain largely responsible for data breaches, with 98 percent of them attributable to outsiders.  This group includes organized crime, activist groups, former employees, lone hackers and even organizations sponsored by foreign governments.

Insider incidents declined

With a rise in external attacks, the proportion of insider incidents declined again in this year’s report, to 4 percent.  Business partners were responsible for less than 1 percent of data breaches.

In terms of attack methods, hacking and malware have continued to increase. In fact, hacking was a factor in 81 percent of data breaches and in 99 percent of data lost.

Malware also played a large part in data breaches; it appeared in 69 percent of breaches and 95 percent of compromised records.  Hacking and malware are favored by external attackers, as these attack methods allow them to attack multiple victims at the same time from remote locations.  Many hacking and malware tools are designed to be easy and simple for criminals to use.

Additionally, the compromise-to-discovery timeline continues to be measured in months and even years, as opposed to hours and days.  Finally, third parties continue to detect the majority of breaches (92 percent).


Key Findings of the 2012 Report

Data from the 2012 report also demonstrates that:

  • Industrial espionage revealed criminal interest in stealing trade secrets and gaining access to intellectual property.  This trend, while less frequent, has serious implications for the security of corporate data, especially if it accelerates.
  • External attacks increased. Since hacktivism is a factor in more than half of the breaches, attacks are predominantly led by outsiders.  Only 4 percent of attacks implicate internal employees.
  • Hacking and malware dominate. The use of hacking and malware increased in conjunction with the rise in external attacks in 2011.  Hacking appeared in 81 percent of breaches (compared with 50 percent in 2010), and malware appeared in 69 percent (compared with 49 percent in 2010). Hacking and malware offer outsiders an easy way to exploit security flaws and gain access to confidential data.
  • Personally identifiable information (PII) has become a jackpot for criminals. PII, which can include a person’s name, contact information and social security number, is increasingly becoming a choice target. In 2011, 95 percent of records lost included personal information, compared with only 1 percent in 2010.
  • Compliance does not equal security. While compliance programs, such as the Payment Card Industry Data Security Standard, provide sound steps to increasing security, being PCI compliant does not make an organization immune from attacks.

Who causes the most data breaches? Which are most costly?

Tuesday, March 20th, 2012

Negligent insiders are the top cause of data breaches while malicious attacks are 25 percent more costly than other types, according to the findings of the 2011 Cost of Data Breach Study: United States, released by Symantec and the Ponemon Institute.

The study also found organizations which employ a chief information security officer (CISO) with enterprise-wide responsibility for data protection can reduce the cost of a data breach by 35 percent per compromised record.

The organizational cost of a data breach was $5.5 million last year. The seventh annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 49 U.S. companies from 14 different industry sectors.

“This year’s report shows that insiders continue to pose a serious threat to the security of their organizations,” said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp.

“This is particularly true as the increasing adoption of tablets, smart phones and cloud applications in the workplace means that employees are able to access corporate information anywhere, at any time. It is essential for companies to put the proper information protection policies and procedures in place to counterbalance these new realities.”

Additional key findings from the report include:

  • Negligent insiders and malicious attacks are the main causes of data breach. Thirty-nine percent of organizations say negligence was the root cause of the data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker.
  • Certain organizational factors reduce the overall cost. If the organization has a CISO with overall responsibility for enterprise data protection the average cost of a data breach can be reduced as much as $80 per compromised record. Outside consultants assisting with the breach response also can save as much as $41 per record. When considering the average number of records lost or stolen, all of these factors can provide significant and positive financial benefits.
  • Specific attributes or factors of the data breach also can increase the overall cost. For example, in this year’s study organizations that had their first ever data breach spent on average $37 more per record. Those that responded and notified customers too quickly without a thorough assessment of the data breach also paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.
  • Detection and escalation costs declined but notification costs increased. Detection and escalation costs declined from approximately $460,000 in 2010 to $433,000 in 2011. These costs refer to activities that enable a company to detect the breach and whether it occurred in storage or in motion.
  • More customers remain loyal following the data breach. For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach.
  • The cost of data breach declined. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have declined. The organizational cost has declined from $7.2 million to $5.5 million and the cost per record has declined from $214 to $194.

“One of the most interesting findings of the 2011 report was the correlation between an organization having a CISO on its executive team and reduced costs of a data breach,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“As organizations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”

Sharing sensitive information via email, FTP, poses Enterprise challenges

Tuesday, March 20th, 2012

Sensitive information exchanged beyond the firewall with business partners and customers is still primarily conducted through email and consumer-grade file sharing tools such as FTP sites, according to a recent survey of more than 1,000 IT decision makers in 7 countries conducted online by Harris Interactive and commissioned by IntraLinks Holdings, Inc. (NYSE: IL).

In fact, the survey showed that 68 percent of global respondents still use email as their main method to send and exchange large files and sensitive data.

In addition, findings also showed that the respondents were very much aware of the security and compliance issues around using email, FTP sites and other consumer-grade file sharing services (69 percent cited malware as an issue and 63 percent cited information theft as an issue).

Standardized, secure file-sharing tools needed

This suggests that organizations have not addressed the need to provide employees standardized, secure file-sharing tools for collaborating beyond the firewall.

This is considered problematic in a business climate in which many of the respondents indicated a key part of their role is to share critical business information with partners, suppliers, and consultants (46 percent), and in which growing regulations and legal issues will drive compliance challenges for organizations: 55 percent of respondents say they face a variety of government IT regulations and 50 percent say they face a variety of industry regulations.

“Success in business has always depended on effective collaboration, but today the nature of collaboration is changing,” said Fahim Siddiqui, Chief Product Officer, IntraLinks.

Enterprise extends to broad network now

“The enterprise now extends to a broad network of relationships with business partners and customers and a wide range of interactions, from simple ad hoc communication to deep relationships spanning workflow and secure content exchange and collaboration.

Without the right controls in place, security and compliance are jeopardized, and ultimately, IT departments are accountable. Organizations need to evaluate how cloud technology and a standardized collaboration solution can offer control and management of sensitive information both inside and outside the firewall.”

The data above are the results of a global survey of more than 1,000 IT decision makers in seven countries including the U.S., U.K., France, Germany, Brazil, Japan and Australia conducted by Harris Interactive between January 26 and February 13, 2012.

Seven risk management approaches for 2012

Monday, March 19th, 2012

disaster

Natural disasters, economic turmoil, and political upheavals are creating new risks for businesses.

Natural disasters, political rancor, and economic ups and downs are creating new risks for businesses, says a new PwC US Risk in Review Report. To address the new realities of the growing global risk landscape, PwC recommends the following risk management approaches for 2012:

Increasing cross-communication: Place greater emphasis on communications and data sharing in 2012 and take steps to improve cross-functional and departmental communication.

Improving data quality and reporting: Enhance global economic teams to help improve data quality and put in place improved processes for reporting data. Business units should meet periodically with one another to review and exchange information and data as a form of early alert to possible upcoming risks to the business.

Better forecasting and scenario analysis: Leverage more sophisticated tools such as early-warning systems and contingency plans to reconfigure approaches to manage risk (i.e. set up scenario models or Monte Carlo analysis geared to the nuances of the business, run models as events unfold, etc.)

Elevating the CRO: Put the risk management role on the proactive offensive instead of reactive defense by giving CROs more cross-functional access and a greater ability to influence decision-making.

Integrating risk management: Manage risk holistically by continuing to integrate risk management into decision-making processes relating to “traditional” functions (i.e. strategic planning). Don’t exclude new areas of risk (i.e. talent management and outsourcing), but address and integrate them into decision-making processes.

Bolstering IT: Address data privacy and security concerns and take stock of where to build better processes, practices, procedures and technical defenses. Shifting technology and heightened competition for new customers in new markets also expose firms to more risks, so it’s imperative to study the setbacks and successes of peers who pioneered the use of these new technologies.

Greater board involvement: Understand the risks facing a company and have in-depth discussions with management to make sure those risks are being handled properly. The discussion should also cover potential risks that are not yet on management’s radar and what the implications of those emerging risks might be.

“With today’s complex, volatile and uncertain world, risk management leaders have their work cut out for them, especially with the fact that risk is always changing. Companies must adopt a new and more robust approach to defining, communicating and managing their global risk profile,” concluded Simone.

To download a full copy of the report, Risk in Review, please visit: http://www.pwc.com/riskinreview

Economic, political, other uncertainty creating new risks for businesses

Monday, March 19th, 2012

Economic turmoil, political upheavals and natural disasters, all combined with advancing globalization and rapid technology progress, are creating a new era of risk for businesses, according to a new PwC US annual report titled Risk in Review.

Based on a survey of more than 1,000 executives and risk management leaders, the report examines the state of global risk, and discusses risk management approaches companies may take to better cope with the ever-widening risk landscape.

Separately, PwC today launched a new on-line benchmarking tool to enable companies to benchmark their risk profile in comparison to their peers and the industry.

“2011 marked a year of reckoning, and many companies are still struggling to create an effective approach to managing the ever-widening risk landscape. Businesses are scrambling to fix weak links in their systems stemming from non-traditional risks such as social media and digital technology, to dealing with the realities of operating in today’s global marketplace,” said Dean Simone, leader of PwC’s U.S. Risk Assurance practice.

“In this new risk era, corporate boards and senior management have a crucial role to play to ensure they set the right culture and align their strategy to risk imperatives.”

According to the report, forward-looking companies are responding by shifting their risk management focus in several fundamental ways: from internal to external, from operational to strategic and from bottom-up to top-down. To better prepare themselves to deal with unexpected events for the upcoming year and beyond, companies installed new risk management organizational structures, have put in place a new breed of risk management leadership and have adopted innovative techniques such as scenario analysis and predictive indicators.

PwC’s Risk in Review identified the risks ahead for 2012:

Intensifying economic uncertainty: Reflecting concerns about further economic deterioration, economic uncertainty tops the list as the biggest perceived threat, as noted by 73 percent of respondents, with 77 percent of financial institutions seeing it as a critical risk.

Increasing regulations: With high unemployment, rising financial insecurity and escalating social problems, 60 percent of participants view regulatory risk as a major threat, and 75 percent of respondents operating in the financial and healthcare sectors consider regulatory change among their most critical risks.

Renewed financial volatility: Nearly 60 percent of respondents cited financial volatility as a paramount risk, with many worrying that the Eurozone debt crisis won’t get solved. More than 75 percent of the firms in the banking and other financial services sectors consider financial volatility as a serious risk.

Growing competition: As trade barriers fall and globalization grows, 63 percent of respondents believe competition will continue to increase. The rise of the digital economy is also adding to the competitive pressures, with 73 percent of technology, information, communications and entertainment (TICE) companies considering increased competition as the most critical risk.

Data privacy and security threats: The pervasive use of the Internet and social media will catapult data privacy and security risks to a higher perch on the risk agenda, according to the 56 percent of participants, a jump from 28 percent in 2011.

Competing for talent and labor: The ability to access the right talent and labor represents a major risk for more than half of the respondents in 2012, as compared with 25 percent of companies that cited it as a top risk in 2011.

“There is an increasing pressure on leaders from boards and senior management to adopt stronger measures to prepare for the evolving risk landscape,” continued PwC’s Simone.

“Companies need to assess their risk management approach by taking a holistic view and thinking beyond traditional risk frameworks to focus on the right strategic risks that they can identify, as well as those that are unexpected.”

For tips on risk management approaches see: Seven tips on risk management

To download a full copy of the report, Risk in Review, please visit: http://www.pwc.com/riskinreview


Majority of Americans think people share confidential company info

Friday, March 16th, 2012

A majority of Americans (90%) believe people remove confidential documents from the workplace, even though most adults (79%) say taking confidential files outside the office is grounds for termination, according to FileTrek’s January 2012 Document Security Survey of 2,625 Americans aged 18 and older, conducted online by Harris Interactive.

The study also shows a generational gap in attitudes towards handling confidential files in the workplace. While a majority (68%) of the Millennial generation (those age 18-34) believe it is acceptable to remove confidential files from the office, only 50% of the 55+ age group believe the same.

Adults 55 and older are significantly more likely to believe someone should be fired for taking confidential information than their younger counterparts (86% vs. 74% of those ages 18-54).


What employees dread most

The fear of being accused of taking confidential company files topped the list (72%) of what employees dread most in work situations, followed by knowing that a coworker has shared confidential information outside the company and having managers confront them about it (53%).

The only job offenses that ranked higher than removal of confidential information as grounds for termination were sexually harassing a coworker (85%) and incompetence on the job (82%) – and not by much.

Adults found this misuse of confidential files more of a fire-able offense than managers having sex with a direct report (64%) or not doing what their boss instructs (57%).

“Business leaders need to be aware of the changing attitudes toward company IP in the modern workplace,” said Dale Quayle, CEO of FileTrek. “Today’s workforce believes information is an asset to be shared, and while companies have benefited from this collaborative attitude with new technologies and increased productivity, there are risks too. Few cloud services provide the security necessary to track where their confidential data goes. It’s critical for today’s management teams to be more IP aware to ensure data security.”

Though 40% of adults believe it is never acceptable to remove confidential company information from the office, the report found there are circumstances under which they believe it is acceptable:

  • 48% – when the boss says it’s okay to do so
  • 32% – to finish a late night project from home instead of having to stay at the office
  • 30% – to work over the weekend or while on vacation
  • 16% – when it is confidential information about themselves
  • 2% – when it can be brought back to the office before the boss knows it was gone
  • 2% – to show something to family or friends who promise to keep it confidential

Among adults who said they would risk taking documents, exporting the data to a USB drive (55%) was the most commonly cited method.

FileTrek is designed to allow secure file sharing, project collaboration, and the ability for managers to track content and data with enhanced compliance-friendly audit reporting. The solution is easy to use, transparent to users and can scale across thousands of desktops and mobile devices to maximize individual and workgroup productivity.

Android rise surpassed only by malware targeted at Android devices

Friday, March 16th, 2012

If you’re using an Android device, you had better make sure you have some malware protection installed. Android’s rise in market share was surpassed only by the amount of malware targeted at Android devices, according to the 2011 Total Defense Internet Security Threat Intelligence Report. In total, over 25 times more Android malware was identified in 2011.


“This past year can be viewed as the year of Android malware with more than 9,000 escalations, clearly illustrating the exponential growth of threats targeting this platform,” said Paul Lipman, CEO at Total Defense.

“The rise of Android malware opens up an interesting debate about security architectures and the merits of open versus closed systems. While users have the ability to install any code, from anywhere, the problem is that criminals see this as an advantage too.”

The Threat Intelligence Report identified and analyzed the most notorious Android malware in 2011 that used social engineering tricks to lure users:

  • AndroidOS/Foncy: an SMS-Trojan that differentiates itself from others in this category by choosing different destination message centers based on country code.
  • AndroidOS/Dogowar: a Trojan created by malware authors socially motivated to stop animal cruelty.
  • AndroidOS/Fakeneflic.A: a Trojan belonging to the InfoStealer category that tricks users by disguising itself as popular software that requires login credentials. If the user is successfully tricked, the entered credentials will be posted to a hosted website.
  • AndroidOS/WalkSteal.A: a unique SMS-Trojan created with the intention to “teach” a lesson to the users who are interested in using pirated applications.
  • AndroidOS/FakePlayer.A: an SMS-Trojan that uses a familiar social engineering trick of disguising as a media player. When executed, it sends four SMS messages to a premium number.
  • AndroidOS/Golddream.A: a Trojan that disguises itself as a gaming application, then monitors and records information about incoming/outgoing calls and incoming SMS messages in plain-text files that are uploaded to a hardcoded URL.
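The families above share two behaviours a defender can triage for statically: sending SMS (the premium-rate Trojans) and reading SMS or call data while holding network access (the Golddream-style logger). The following is an added example, not code from the Total Defense report or from TechJournal: it reads the `<uses-permission>` declarations from an app's AndroidManifest.xml and flags those combinations. The permission strings are real Android permission names; the three manifests are constructed samples, not real apps.

```python
"""Static permission triage for Android manifests (added example).

Flags the permission combinations that match the behaviours described in the
Total Defense list: SEND_SMS (FakePlayer/Foncy-style premium SMS abuse) and
SMS/call reading plus INTERNET (Golddream-style logging and upload).
A declared permission is only a triage signal, not proof of malice: an SMS
client legitimately needs SEND_SMS. The point is to compare the declaration
against what the app claims to be (a media player or game should need neither).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests (not real applications).
MEDIA_PLAYER_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sampleplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Media Player"/>
</manifest>
"""

GAME_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.samplegame">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Fun Game"/>
</manifest>
"""

BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight"/>
</manifest>
"""

SMS_SEND = {"android.permission.SEND_SMS"}
MESSAGE_OR_CALL_READ = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
}
NETWORK = {"android.permission.INTERNET"}

RULE_DESCRIPTIONS = {
    "sms-sender": "declares SEND_SMS; review for premium-rate SMS abuse",
    "call-sms-logger": "reads SMS/call data and has network access; review for upload of logs",
}


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return names


def triage(manifest_xml: str) -> list:
    """Return the ids of the rules the manifest matches, in a fixed order."""
    permissions = declared_permissions(manifest_xml)
    matched = []
    if permissions & SMS_SEND:
        matched.append("sms-sender")
    if (permissions & MESSAGE_OR_CALL_READ) and (permissions & NETWORK):
        matched.append("call-sms-logger")
    return matched


if __name__ == "__main__":
    for label, manifest in [("media player", MEDIA_PLAYER_MANIFEST),
                            ("game", GAME_MANIFEST),
                            ("flashlight", BENIGN_MANIFEST)]:
        hits = triage(manifest)
        print(label, "->", [RULE_DESCRIPTIONS[h] for h in hits] or "no findings")
```

Running the script reports the sample media player as an SMS sender and the sample game as a call/SMS logger, while the flashlight app produces no findings. In practice the manifest would be extracted from the APK (for example with the Android SDK's `aapt` tool) rather than embedded as a string, and the rule hits would be one input to a review alongside the app's stated purpose and its actual code.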

“The malware landscape is changing at a rapid pace with cyber-criminals producing new malware variants at an exponential rate,” said Lipman. “The proliferation of consumer digital devices for convenient Internet access coupled with our global socio-economic climate continues to serve up a perfect storm for online criminal activity. Our goal is to empower end-users with solutions that can provide them complete protection in this dangerous digital world.”

The report also details that the movement toward the “App-Paradigm,” whereby PCs become more appliance-like and only authorized applications can be installed and run, can dramatically decrease the attack surface for digital devices.

The Total Defense Research Team suggests major platform vendors can do more: Microsoft can lock down Windows 8 to a greater extent on the PC by enticing more Metro App development, and Google can better secure Android Apps by offering certified applications via their Android Marketplace.

Hacktivism from LulzStorm, Anonymous, LulzSec chronicled

In addition, the report chronicles the acts of hacktivism that have transpired over the past year, including activity by well-known groups LulzStorm, Anonymous and LulzSec.

News of hacktivism exploits has had a snowball effect and given rise to more politically motivated cybercrime worldwide, with multiple foreign governments and websites coming under attack from their political enemies.

In addition, the report covers specific activity around organized crimeware, including the high-profile, successful take-downs of the large-scale DNS-Changer, Rustock and Coreflood botnets, as well as the arrest of the co-founder of ChronoPay, a Russian online payment processor, which processed the sales of leading FakeAV. While law enforcement and cloud security controls put a dent in large-scale malware attacks in 2011, threats remain extremely high.

For a full copy of the Total Defense 2011 Internet Security Threat Intelligence Report, please visit: http://www.totaldefense.com

Small businesses ignoring risks of data protection on mobile devices

Thursday, March 15th, 2012


Personal mobile devices used at work can present a security problem.

A study by online backup service Mozy® (NYSE: EMC) found that an increasing number of professionals (80 percent) work remotely and rely on personal devices such as smartphones (63 percent), iPads (30 percent) and laptops (80 percent) to access company data.

Here at the TechJournal, we have noted that many of the high profile data losses – not to mention the many we never hear about – could be avoided if firms paid attention to basic security, yet all too many don’t.

Despite the expectation that professionals with sensitive client data would understand the associated risks and responsibilities, the numbers reflect that many professionals working remotely, and their companies, are either unaware or too casual about how to keep this information safe and secure.

The study profiled several professions that routinely handle sensitive client information, including medical practices, legal, real estate, and financial service firms. It found that they were at even greater risk compared to generalized small and medium businesses to experience a significant loss of sensitive business information.

Personal devices at work a problem

The survey found that while over two-thirds of all small-to-midsize businesses with fewer than 1,000 employees have a formal procedure for backing up company data, 87 percent have no formal policy in place regarding employees’ use of personal devices for work purposes.

One-third of companies let employees make their own decisions about how to back up company and client data on their devices, and most companies polled do not have backup or data recovery plans that meet modern standards for data protection.


Portable USB drives are not safe ways to store company data.

Forty-one percent of small businesses readily store and back up company data on portable USB devices – which may be used by family members, get lost, or even stolen.


Businesses Still Unaware of Risks

Legal professionals trailed the field, with 78 percent of lawyers reporting they were either not at all concerned, not that concerned or only somewhat concerned about the security of their company data for employees using personal devices for work.

While financial services and medical firms are more concerned about the security of their company data than companies in real estate, construction, and law, the majority (more than two-thirds) in each of those industries expressed a lack of concern for risk of loss and security of company data.

This lack of discipline creates unnecessary risk in the protection of company and customer data. The numbers do not lie: very important people have very important data that should be better protected.

Without adequate backup and other data security policies, many businesses are ill prepared to protect company and customer data in the event of a hard drive crash, loss or theft. The survey shows that 30 percent of companies suffered a hard drive crash in the past year. In 70 percent of those cases, data was not fully recovered.

The risk of lost or stolen data is more serious than ever with changing work habits and more employees holding sensitive company data on personal devices. With the start of the new year’s business travel season and a larger number than ever of professionals on the road, they carry sensitive company or client data with them on their laptops, tablets and smartphones.

The Mozy survey shows that one in nine businesses have experienced the theft of a laptop, and in 98 percent of such cases they were not able to recover all of the lost data.

While just over two-thirds of companies surveyed do have formal backup processes, most are using antiquated methods such as external hard drives with no online backup connection, or tape. Both are extremely susceptible to failure in the event of an on-site disaster.

New Season, Better Protection

“Companies can ‘spring clean’ by ensuring they have defined best practices and policies to protect sensitive company and client information,” said Gytis Barzdukas, director of Product Management at Mozy.

“If employees are using personal devices for work, companies should consider what kind of work can be performed on their devices, and how to ensure that confidential information is not at risk if the device is lost or stolen.

“If your company doesn’t have a backup and data recovery policy today, they really should put even a basic plan in place. Using tape, server and thumb drives is a start, but any good backup plan should consist of having both a local and offsite copy,” Barzdukas continued. “Mozy recommends that all company data – whether it resides on employee personal devices or company equipment – be automatically backed up to a secure, reliable location.”

Small business owners have large gaps in backup plans

Wednesday, March 14th, 2012

A recent study from online backup solution provider Carbonite, Inc. (NASDAQ: CARB) revealed surprising responses from small business owners on how they prepare for a data disaster.

Complicated practices lead to incomplete backup

According to the study, small businesses are using a variety of technologies to back up data including some antiquated methods that leave the backup process incomplete and susceptible to information loss.

These technologies include external hard drives, USB/flash drives and CDs/DVDs. The data further revealed many businesses are using a combination of these antiquated technologies, which can make backing up even more complex and compound their risk for data loss. Such methods must be monitored manually and very frequently to ensure that the backups are current and protected.

When multiple methods of backup are used, each must be managed, and careful records of where backed-up data is stored need to be maintained and checked to ensure the backup is complete.

Despite known risks, small businesses continue to choose a range of risky and unreliable technologies:

  • Hard Drives are Proven to Fail: 50 percent use external hard drives, yet 20 percent backing up their business data indicated they started to do so because of a hard drive failure.
  • USB/Flash Drives are Already Unreliable: 42 percent use USB/flash drives primarily because it is perceived as easy, yet only 6 percent believe USB/flash drives to actually be reliable.
  • CDs/DVDs are Inconvenient and Risky: More than one-third use CD/DVD drives to back up data, even though 62 percent feel they are inconvenient or risky.

“Although many small businesses are backing up their data, they’re using antiquated methods, such as USB/flash drives or CDs, which leave huge gaps and vulnerabilities. These simple solutions may be relatively easy to set up, but they require ongoing supervision to ensure they are performing, and can distract from other work,” said Peter Lamson, senior vice president of small business for Carbonite.

“Small businesses are creating new, priceless data every minute of every day and they can’t afford to be unprotected. Low cost, automated and easy to use methods are now mainstream, so there’s no reason for small businesses to be spending time manually managing backups, when they could spend that valuable time focused on their business instead,” Lamson continued.

Short term savings leave data vulnerable, throw time and money out the window

Small businesses stay competitive by keeping costs down, but when it comes to backup, cutting costs may mean using products with limited coverage and leaving SMB data at risk. Carbonite research found:

  • Twenty-one percent of small businesses using online backup were using a free product. Since free online backup services are typically capped at two gigabytes, small businesses using these methods could be vulnerable to data loss.
  • Some small businesses already recognize the limitations of USB/flash drives, which are often considered low-cost. Twenty-four percent of small businesses using this method noted USB/flash drives do not work well for backup specifically because they have limited storage space.

“Our study also found that one in five small businesses don’t know how much data they have, so it’s unlikely they have the right solutions in place.”

“Backup solutions like USBs or free solutions may not back up all of a business’ data, and so a business must ration their backup or choose what they want to safeguard,” Lamson added. “Small businesses need to ensure they use a backup solution that has the capacity and capability to keep all of its data protected.”

When it comes to the time invested in and the tech support used for backing up, 22 percent of small businesses surveyed even pay for outside tech assistance.

Notably, 40 percent of those who manage the process in-house spend more than an hour per week backing up their company data – with six percent spending more than five hours per week.

Both approaches indicate that small businesses are losing time and money to support backup strategies that do not match their needs, especially since there are a number of online, automated backup services available that cut these expenses and eliminate time spent on this task.

Companies have a long way to go building risk management awareness

Friday, March 9th, 2012


An issue of the Harvard Business Review

Global companies are intensifying their focus on enterprise-wide risk management (ERM) in the wake of the 2008 financial crisis and recession, but most executives feel their companies have a long way to go in building an effective, risk aware culture, according to a new survey by Harvard Business Review Analytic Services.


Over two-thirds of 1,419 business executives surveyed in the new research sponsored by Zurich said risk management has increased in importance over the past three years. Yet only one in ten said their executive management is “highly effective” in creating a strong risk-management culture.

And while the need to link risk information to strategic decision making was identified as extremely important, only 14% felt their organization did that extremely well.

Among the top barriers to better risk management cited:

  • Over-focusing on compliance rather than fundamental processes (42%)
  • Lack of strong management support (41%)
  • Reluctance to de-silo related information (35%)

A majority of the companies said their approach to enterprise risk management continues to be basic or reactive. However, about 40% of executives surveyed considered their approach to ERM to be “proactive,” involving the board as well as business and functional leaders at all levels of the organization.

This “best practice” group included financial services, health care, and energy companies and those with 10,000-plus employees. But many other industries have instituted ERM processes or improved their practices.

Executives in companies taking the proactive approach said that integrating risk management and corporate goals was key to gaining competitive advantage.

The study made clear that risk management needs to have a clear owner to be effective: executives reported that Chief Risk Officers are far more likely to oversee risk management now than three years ago, although the CEO bears ultimate responsibility.

The study also found that at companies with strong ERM processes, “ownership” of risk stays in the hands of business and functional leaders. The CRO’s role is to advise and assist them, staying in regular communication and providing them with resources to better manage risk themselves. The result is what executives interviewed for the study call a “collaborative culture” that integrates risk awareness into the company’s strategic planning.

“Ownership of risk cannot be overstated, since the survey indicated that companies that employ a Chief Risk Officer, who works in tandem with the CEO and their executive leadership, scored highest in proactively managing risk in the organization,” said Alex Clemente, managing director of Harvard Business Review Analytic Services.

Integrated approach helping

Some of the top benefits of ERM that respondents cited were not directly related to risk management. Instead, respondents described the integrated risk management approach as helping their companies achieve better operational performance by removing siloed communication and by fostering:

  • Improved strategic decision making (39%)
  • Improved governance (34%)
  • Increased management accountability (31%)

Executives in the survey stressed that their goal was not to create a risk-averse environment but one in which better measurement and understanding of risk gives them more confidence about making strategic decisions to build the business.

“There is no doubt that in today’s challenging environment customers, shareholders and employees expect clear commitment to comprehensive and forward looking risk management from top management and board. Supporting the findings of the survey that it is extremely important to link risk information to strategic decision making, 41% of the companies said they are deepening and extending the ties between risk management and strategic planning,” said Axel Lehmann, Chief Risk Officer at Zurich.

To access a copy of the Risk Management in a Time of Global Uncertainty report, please visit: www.hbr.org/white-paper/risk-management.

Domain name hijacking a serious but manageable threat

Friday, March 9th, 2012

Nearly six million domain names were added to the Internet in the fourth quarter of 2011, bringing the total number of registered domain names to more than 225 million worldwide across all domains, according to the latest Domain Name Industry Brief, published by VeriSign, Inc. (NASDAQ: VRSN), a provider of Internet infrastructure services for the networked world.

The brief also calls domain name hijacking a serious but manageable threat.

Growth rate of 2.7 percent

The increase of 5.9 million domain names equates to a growth rate of 2.7 percent over the third quarter of 2011, and marks the fourth straight quarter with greater than 2 percent growth. Registrations have grown by more than 20.4 million, or 10 percent, since the fourth quarter of 2010.

The .com and .net Top Level Domains (TLDs) experienced aggregate growth in the fourth quarter, reaching a combined total of 113.8 million names. This represents approximately a 2 percent increase in the base over the third quarter of 2011 and an 8 percent increase over the same quarter in 2010. New .com and .net registrations totaled 7.9 million during the quarter.

This is a 4 percent increase year-over-year in new registrations. The .com/.net renewal rate for the fourth quarter was 73.5 percent, up from 73.3 percent for the third quarter.

Verisign’s average daily Domain Name System (DNS) query load during the quarter was 64 billion, with a peak of 117 billion. Compared to the previous quarter, the daily average increased 8 percent and the peak grew 51 percent.

Domain Name Hijacking – A Serious but Manageable Threat

The latest issue of the Domain Name Industry Brief focuses on “domain name hijacking,” in which perpetrators fraudulently transfer domain names by password theft or social engineering.

As defined by security experts, domain name hijacking occurs when an attacker falsifies the registration data for a domain name, transferring that name away from its rightful registrant and gaining full administrative and operational control over the domain.

The brief analyzes how attackers use a wide range of techniques to hijack domain names, from spyware and keystroke loggers to “social engineering,” in which scammers impersonate registrants, registrars, or other entities in the chain of trust in order to gain access to passwords and personal information.

Regardless of the technique used, the end result for registrants is often severe. Once an attacker has full control of a domain name, they have free rein to use it for any number of nefarious purposes, from creating their own scam websites, to hosting illegal and dangerous content, to extorting the original owner.

While the danger of domain name hijacking is significant, it is a threat that can be significantly reduced with proper planning and mitigation techniques, such as:

  • Researching a registrar’s security offerings — and taking advantage of the tools they offer — can go a long way toward mitigating risk of hijacking;
  • Employing password best practices for domain name registrations;
  • Determining if a registry is using two-factor authentication to protect registrants; and
  • Utilizing services such as Verisign’s Registry Lock, which allows registrants to set the conditions under which their registration information can and cannot be changed.
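The registrar tools and the registry lock in the list above show up as EPP status codes on the domain's public WHOIS record, so a registrant can verify them rather than take them on faith. The following is an added example, not code from the Verisign brief or from TechJournal: it parses the `Domain Status:` lines of a WHOIS response and reports whether the registrar-side transfer lock and the registry-level lock codes are present. The two WHOIS responses are constructed samples; the status codes themselves are the standard EPP codes that gTLD WHOIS output lists.

```python
"""Domain lock status check from WHOIS output (added example).

A registrar lock is the clientTransferProhibited status most registrars let a
registrant enable from the account panel. A registry-level lock such as
Verisign's Registry Lock shows up as the serverTransferProhibited,
serverUpdateProhibited and serverDeleteProhibited codes, which cannot be cleared
through the registrar account alone. Checking for both catches the case the
brief describes: an attacker who obtains the registrar password can clear a
client* lock, but not a server* lock.
"""
import re

REGISTRAR_LOCK = {"clientTransferProhibited"}
REGISTRY_LOCK = {
    "serverTransferProhibited",
    "serverUpdateProhibited",
    "serverDeleteProhibited",
}

# Constructed WHOIS responses (not real domains or registrars).
SAMPLE_WHOIS_LOCKED = """\
Domain Name: EXAMPLE-LOCKED.COM
Registrar: Example Registrar, LLC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.EXAMPLE.NET
"""

SAMPLE_WHOIS_UNLOCKED = """\
Domain Name: EXAMPLE-OPEN.COM
Registrar: Example Registrar, LLC
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.EXAMPLE.NET
"""

# One "Domain Status:" line per code; the trailing URL is ignored.
STATUS_RE = re.compile(r"^\s*Domain Status:\s*(\w+)", re.IGNORECASE | re.MULTILINE)


def domain_statuses(whois_text: str) -> set:
    """Return the set of EPP status codes listed in a WHOIS response."""
    return set(STATUS_RE.findall(whois_text))


def lock_report(whois_text: str) -> dict:
    """Report whether registrar and registry locks are in place and what is missing."""
    statuses = domain_statuses(whois_text)
    return {
        "registrar_lock": REGISTRAR_LOCK <= statuses,
        "registry_lock": REGISTRY_LOCK <= statuses,
        "missing": sorted((REGISTRAR_LOCK | REGISTRY_LOCK) - statuses),
    }


if __name__ == "__main__":
    for text in (SAMPLE_WHOIS_LOCKED, SAMPLE_WHOIS_UNLOCKED):
        print(text.splitlines()[0], lock_report(text))
```

For a real domain the text would come from the registrar's or registry's WHOIS service (for .com and .net, the Verisign registry WHOIS), and the check is worth running on a schedule: a lock status that disappears without a change request from the registrant is an early sign of the account compromise or social-engineering transfer the brief describes.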

Verisign publishes the Domain Name Industry Brief to provide Internet users throughout the world with significant statistical and analytical research and data on the domain name industry and the Internet as a whole. Copies of the 2011 fourth quarter Domain Name Industry Brief, as well as previous reports, can be obtained at: http://www.verisigninc.com/DNIB.

IT security pros rate hacktivists equal to cyber crime threats

Thursday, March 8th, 2012

Hacktivists such as Anonymous may be having at least one good effect. They’re raising awareness of the need for better cyber security.

When asked “Is your company a potential target for hacktivists, organized cyber crime or nation state attacks,” 73% of respondents believe their organization is a target for hacktivists, and 71% identified organized cyber crime as a threat.

Only 57% believe nation state attacks are a risk to their organization.

nCircle, which sells information risk and security performance management solutions, conducted the survey of 244 attendees of the 2012 RSA Conference in San Francisco.

“Unlike cyber crime, there is no such thing as a small, private breach for hacktivists unless it is part of a larger attack plan,” said Tim ‘TK’ Keanini, CTO for nCircle.

“Hacktivist breaches are designed for media value and public impact, so they are always fully disclosed and the targets are selected for maximum shock value. On the other hand, every business with an Internet connection is a potential target for organized cyber crime.

“Hacktivists have increased our collective awareness of cyber security to a completely new level — everyone from IT security pros to my grandmother is worried about cyber security.”