The cyber security threats with which information security pros must contend run the gamut from web-based malware to application vulnerabilities. Both traditional and ever-new methods are being used by cyber criminals to infiltrate corporate and government networks to steal data with ease. Compound this with widespread use of mobile devices and cloud computing and there is a lot on the plate for information security pros to manage. We talk to an expert about some of the insidious threats that security pros should be mindful of and find out the various steps they can take to ensure their risk management plans are keeping up.
There's a saying in the security business these days: Either you've been compromised or you don't know you've been compromised. As advanced adversaries continually penetrate organizations of all sizes to serve persistent threats that siphon data over a period of days, weeks, months and even years, victims must learn how to spot the attack and decide their next action. Should they force the miscreants out the door, monitor their activities a bit or take another option? For certain, building up security mechanisms that make it harder for these attackers to lob APTs at their organization is a must, but just what should this entail. We learn more.
Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered.
Our sixth-annual data breach survey, which polled IT security pros in the U.S. as well as those working in the U.K. and Australia, yielded interesting insights on how organizations are dealing with today's data security threats. And, while the majority of pros are optimistic about the steps they're taking to safeguard critical data from getting lost or stolen, many still cite plenty of challenges with which they must contend.
Cyber criminals are evolving their tactics to take advantage of organizations' most obvious weakness: employees. As such, organizations must be concerned more than ever before about how users interact with the technologies on which they rely everyday. Mobile devices, email, third-party apps, web browsers and more, all have major risks associated with them. And one wrong interaction with any one of these can lead to major attacks on critical and intellectual property, as well as overall brands and bottom lines
Enterprise data is increasingly becoming available on mobile devices. All the while, the storage and sharing of it must conform to sometimes strict requirements put forth in any number of government and industry compliance mandates. Getting in line with even the strictest of regulations may still allow important information to be breached, as many organizational leaders surely can attest.
With the economy flailing still, the threat of seemingly trusted insiders exposing or stealing critical data is more intense than ever. In addition, to a disgruntled worker recently having been laid off maliciously exposing sensitive information, there is also the lure of quick money to be made by acting on behalf of cyber thieves to steal certain bits of customer data.
Professionals all over the globe rely on email daily to communicate with their colleagues, partners and customers. Indeed, according to research firm Radiacati Group, most email traffic is from the corporate space, with the number of business emails sent and received per day in 2012 globally hitting 89 billion. By the end of 2016, this should rise to 143 billion. No wonder, then, that alongside mobile security solutions and tools that provide a more holistic view of their networks, 43 percent of the 488 respondents to SC Magazine's annual Guarding Against a Data Breach are considering deployments of email management and content filtering tools in 2012.
As networks grow more complex, the process of securing and managing endpoints, applications and confidential information has become a stiffer challenge than ever before. The attackers know most organizations are like Swiss cheese when it comes to finding a way in and then exporting out sensitive data. The traditional defenses aren't working to the degree that companies demand, so as security becomes more and more tied to business operations, corporations are finding that the best defense is a solid risk management plan that speaks to both asset protection and compliance. But we all need help getting there. In this webcast, we'll ask the questions to which you want answers..
Tablets, mobile phones, laptops are in most every executive's arsenal of business tools. Protecting these and the information transfers they enable therefore is critical. Challenges, though, abound - especially since many office workers are blurring the lines between their work and personal lives by embracing the BYOD movement.
The number of data breaches skyrocketed in the last year. Cyber thieves bent on obtaining personally identifiable information stole reams of it in hopes of getting rich quick by using the details themselves or selling it off to others. Hacktivists having goals to make examples of this or that government agency or corporate entity broke into various networks siphoning off data to expose on Pastebin.
There have been a slew of breaches lately. From Citi to Lockheed, no company is safe. But, what exactly does this uptick in criminal activity mean for organizations hoping to shore up their defenses, and just how should they be prepared when they get hit next? What sorts of areas should they account for in not only their security/risk management plans, but also their incident response programs?
The Payment Card Industry's Data Security Standard (DSS) is known as one of the most prescriptive industry regulations in the marketplace. Yet, even with all the details provided on ways to keep critical corporate assets secure, while, at the same time, get compliant with DSS, it still proves confounding to many executive leaders. Questions around the proper technologies to implement, the best strategies to focus on or the right security measures for newer IT technologies now being adopted by many organizations still abound.
Weaknesses in the software and applications used by corporations are the prime source for hackers to breach infrastructures, steal choice critical data and turn a profit in the sale or use of it. The exploitation of vulnerabilities that crop up because of corrupted websites or malicious content isn't new, but there are various ways to confront the problems.
Security budgets are holding their own in a tough economy, but IT security personnel charged with protecting networks and company information face increasing responsibilities - from fears of having the company's brand tarnished by a data breach, compliance demands, threats from insiders anxious about losing their jobs, and a slew of other drivers.
In this webcast, we learn what defines successful CSOs in 2010 as they battle tightened budgets, a sophisticated threat landscape and continued compliance hurdles.
In this special webcast, we find out just how cybercriminals are taking advantage of unprotected virtual environments and what practical steps companies can take to protect against these.
SC Magazine is pleased to introduce a unique webcast series celebrating its 20th Anniversary this year. The free 20-minute webcasts will feature a member of the SC Magazine editorial team in conversation with various industry thought leaders discussing the past, present and future of IT security.
As we approach the end of 2008, we re-examine some of the major happenings of the year. What were some of the major breaches? Was key legislation enacted that made an impact? How are companies contending with customer demands regarding security and regulators' requirements on safeguarding critical data? What do all these happenings mean for 2009? And, more importantly, what do our readers think? We find out.
