Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered.
There's a saying in the security business these days: Either you've been compromised or you don't know you've been compromised. As advanced adversaries continually penetrate organizations of all sizes to serve persistent threats that siphon data over a period of days, weeks, months and even years, victims must learn how to spot the attack and decide their next action. Should they force the miscreants out the door, monitor their activities a bit or take another option? For certain, building up security mechanisms that make it harder for these attackers to lob APTs at their organization is a must, but just what should this entail. We learn more.
Our sixth-annual data breach survey, which polled IT security pros in the U.S. as well as those working in the U.K. and Australia, yielded interesting insights on how organizations are dealing with today's data security threats. And, while the majority of pros are optimistic about the steps they're taking to safeguard critical data from getting lost or stolen, many still cite plenty of challenges with which they must contend.
Cyber criminals are evolving their tactics to take advantage of organizations' most obvious weakness: employees. As such, organizations must be concerned more than ever before about how users interact with the technologies on which they rely everyday. Mobile devices, email, third-party apps, web browsers and more, all have major risks associated with them. And one wrong interaction with any one of these can lead to major attacks on critical and intellectual property, as well as overall brands and bottom lines
Enterprise data is increasingly becoming available on mobile devices. All the while, the storage and sharing of it must conform to sometimes strict requirements put forth in any number of government and industry compliance mandates. Getting in line with even the strictest of regulations may still allow important information to be breached, as many organizational leaders surely can attest.
With the economy flailing still, the threat of seemingly trusted insiders exposing or stealing critical data is more intense than ever. In addition, to a disgruntled worker recently having been laid off maliciously exposing sensitive information, there is also the lure of quick money to be made by acting on behalf of cyber thieves to steal certain bits of customer data.
As networks grow more complex, the process of securing and managing endpoints, applications and confidential information has become a stiffer challenge than ever before. The attackers know most organizations are like Swiss cheese when it comes to finding a way in and then exporting out sensitive data. The traditional defenses aren't working to the degree that companies demand, so as security becomes more and more tied to business operations, corporations are finding that the best defense is a solid risk management plan that speaks to both asset protection and compliance. But we all need help getting there. In this webcast, we'll ask the questions to which you want answers..
Professionals all over the globe rely on email daily to communicate with their colleagues, partners and customers. Indeed, according to research firm Radiacati Group, most email traffic is from the corporate space, with the number of business emails sent and received per day in 2012 globally hitting 89 billion. By the end of 2016, this should rise to 143 billion. No wonder, then, that alongside mobile security solutions and tools that provide a more holistic view of their networks, 43 percent of the 488 respondents to SC Magazine's annual Guarding Against a Data Breach are considering deployments of email management and content filtering tools in 2012.
Tablets, mobile phones, laptops are in most every executive's arsenal of business tools. Protecting these and the information transfers they enable therefore is critical. Challenges, though, abound - especially since many office workers are blurring the lines between their work and personal lives by embracing the BYOD movement.
The number of data breaches skyrocketed in the last year. Cyber thieves bent on obtaining personally identifiable information stole reams of it in hopes of getting rich quick by using the details themselves or selling it off to others. Hacktivists having goals to make examples of this or that government agency or corporate entity broke into various networks siphoning off data to expose on Pastebin.
There have been a slew of breaches lately. From Citi to Lockheed, no company is safe. But, what exactly does this uptick in criminal activity mean for organizations hoping to shore up their defenses, and just how should they be prepared when they get hit next? What sorts of areas should they account for in not only their security/risk management plans, but also their incident response programs?
Smartphones, tablets and personal devices are on your corporate network. Your users want personal connectivity and executives wants added productivity, but security must be maintained. What is the prudent path to satisfy all constituents? Lead by Illena Armstrong and Gil Freidrich VP of Technology at ForeScout, this timely webcast will examine: key mobile security risks, pertinent policies and alternative countermeasures, 5 proven scenarios for effective guest management, and phased steps for effective visibility and seamless enforcement.
The Payment Card Industry's Data Security Standard (DSS) is known as one of the most prescriptive industry regulations in the marketplace. Yet, even with all the details provided on ways to keep critical corporate assets secure, while, at the same time, get compliant with DSS, it still proves confounding to many executive leaders. Questions around the proper technologies to implement, the best strategies to focus on or the right security measures for newer IT technologies now being adopted by many organizations still abound.
Weaknesses in the software and applications used by corporations are the prime source for hackers to breach infrastructures, steal choice critical data and turn a profit in the sale or use of it. The exploitation of vulnerabilities that crop up because of corrupted websites or malicious content isn't new, but there are various ways to confront the problems.
Increasingly, attackers are having success by targeting weaknesses within client-oriented applications, exploiting these weaknesses through corrupted web sites and malicious content.IBM's Jack Danahy reviews some of the newer threats over the last several months and discusses ways to mitigate against them.
The media is chock full of news detailing incidents of cyberespionage, such as what China is accused of doing with IPs based in the United States and how criminals are infiltrating systems and stealing not just money, but patented trade secrets. And then, of course, there are attacks on the government. But, what the news reports don't reveal are the facts behind this growing criminal and state-sponsored trend.
Security budgets are holding their own in a tough economy, but IT security personnel charged with protecting networks and company information face increasing responsibilities - from fears of having the company's brand tarnished by a data breach, compliance demands, threats from insiders anxious about losing their jobs, and a slew of other drivers.
In this webcast, we learn what defines successful CSOs in 2010 as they battle tightened budgets, a sophisticated threat landscape and continued compliance hurdles.
In this special webcast, we find out just how cybercriminals are taking advantage of unprotected virtual environments and what practical steps companies can take to protect against these.
SC Magazine is pleased to introduce a unique webcast series celebrating its 20th Anniversary this year. The free 20-minute webcasts will feature a member of the SC Magazine editorial team in conversation with various industry thought leaders discussing the past, present and future of IT security.