
Security

Combating Malvertising

Internet advertising spend now outpaces all other forms of media. In the UK alone, digital will make up almost 50% of the total ad spend and it will be worth £13.9bn this year according to GroupM, WPP’s media buying arm. With numbers like that, it’s no surprise that cyber attackers are also turning their heads towards internet advertising. Media and publishing sites, large and small, attract a wide range of traffic from individual consumers and organisations across the globe. They also rely largely on advertising for revenue. According to a recent Mid-Year Security report it is likely that the growth in malvertising (online advertising used to spread malware) is partly responsible for the surge in web malware encounters for the media and publishing industry in the first half of 2014. ......

Encrypt, Mask, Purge: A 3-Step Approach To SAP Security

Last year, PC World published an article discussing SAP security. Though SAP has consistently improved its data security, the article highlighted inconsistent security practices used by users of SAP products. For example, one expert cited in the article estimated that 5 to 10 percent of SAP users expose critical services to the Internet that ought not to be publicly accessible. These services are vulnerable to hacking. Another expert felt that those numbers were low and that many of the systems were still vulnerable to well-known exploits. The discussion then moved to the age of some SAP implementations, suggesting that age could contribute to vulnerabilities. However, if administrators stay on top of SAP security patches, age is not generally considered a risk for supported SAP products. ......

IT Lessons From iCloud: The Increasing Need For File-Centric Security

I don’t need to tell you about the Apple iCloud hack: the lurid details have been exhaustively documented elsewhere. However, I do want to tell you what your organisation should take away from it: it is critical to think about the security of your information at the file-level, rather than the device level. Data-centric protection is critically important, particularly in business, and particularly for files, whether they are selfies or strategy PowerPoints. With the relentless growth of Dropbox and iCloud, the walls around the typical organisation have disappeared. The only solution is to build new walls around the data itself. For a long time, information security groups like the Jericho Forum have worked to help organisations understand that their firewalls were no longer protecting thei......

Why Enterprises Should Use Exploit Prevention Technology

One fact is indisputable: Security incidents are increasing in number. According to the 2014 “Global State of Information Security Survey” conducted by PwC, the number of security incidents among enterprises jumped 25% between 2011 and 2013. And a recent IDG Cyber Defence Maturity Report found 96% of respondents had one significant security incident, and one in six had five or more incidents in the last year. Why are intruders continuing to compromise enterprise networks despite the tremendous investments made in IT security? First, attackers most commonly target vulnerable endpoints. Studies have shown that approximately 80% of enterprise breaches started with a device on the network that contained a known vulnerability, or that should not have been on the network in the first place. Once......

Data Leaks In Hollywood: Who Could Be Next?

The recent iCloud hack and subsequent leak of intimate photos of Hollywood celebrities has made it clear that even the rich and famous aren’t immune to data loss. The fatal mistake these stars made was to forget that data, be it an email or photo, isn’t static. More often than not it goes straight to the cloud, where in theory it can be accessed from anywhere. What’s happened to the stars of the screen is exactly what’s happened to countless businesses and high profile individuals over the years. Clearly, there is still some progress to be made when it comes to protecting sensitive data within the cloud. But what other high profile sectors are in danger of suffering a similar fate to Jennifer Lawrence, and how can they protect themselves in the future? The Vatican The Pope set up the Vatic......

The IT Manager’s Toolkit: DR And Planning For The Worst

In recent years there has been a significant shift in the ways businesses depend on technology. From data management and system developments to customer communications and troubleshooting, IT managers play a key role in ensuring that a business runs smoothly and efficiently. This also includes putting a bulletproof plan in place for when things go wrong. Worryingly, this is often overlooked, meaning that many Disaster Recovery (DR) plans are often not addressed until disaster strikes – leaving businesses vulnerable and exposed when systems fail. DR In The News Take BlackBerry’s infamous network meltdown for example. Back in October 2011, BlackBerry experienced a huge service outage that resulted in millions of customers across the globe being unable to send or receive emails and BBM......

Businesses Face New Security Challenge From The Internet Of Things

Despite all the noise around the Internet of Things (IoT) today, the fact is that it’s not new. There has been an IoT for at least ten years, if not longer. Webcams, printers and other machines have been connected and communicating via the IP protocol for quite a while. There have always been things communicating with each other. However, there are some new aspects to it that are affecting security. In the past, the IoT was, for the most part, operated by professionals. At the very least, somebody consciously connected devices and had to take responsibility and ownership of them. The pervasive consumerisation of the IoT has changed that. If you take the example of the infamous smart fridge, no one makes a conscious decision to connect the fridge to the Internet. Most of the decision mak......

Next-Generation Firewalls Must Evolve To Remain Relevant

When Gartner coined the phrase “next generation firewall”, in 2003, it captured a then-nascent approach to traffic classification and control. Combining traditional packet filtering with some application control and IPS layered on top, today’s ‘legacy’ NGFWs do pretty much what they say on the tin. However, whilst NGFWs continue to be a vital part of an organisation’s protection, they were designed for a time before advanced targeted threats started attacking our enterprises – threats which often go undetected until it’s too late. Most organisations today secure their networks using disparate technologies that don’t – and can’t – work together. They leave gaps in protection that today’s sophisticated attackers exploit. These point solutions lack the visibility and control requi......

Modern Corporate Business Security: When To Use Private Investigators

To start off this article I’m going to touch upon how frail online security is in an age so dependent on social media, online marketing, and ultimately, online shopping. We all know fraudsters exist, and a few of us may have even experienced it, but just as quickly as technology is managing to prevent cybercrime, hackers stay one step ahead. You’ve all no doubt heard about the iCloud email hack, right? The news has recently been crammed with stories of celebrities having their “naughty” pictures hacked and littered on Twitter for all and sundry to view. Celebs’ voicemails have also been hacked in the past, leading to many prosecutions; however, what good are prosecutions when us mortals aren’t being given the same level of attention and help? Imagine the power hackers have once they access ......

Driving Digital Growth With The Internet Of Things

Due to the ubiquitous nature of connected objects in the Internet of Things (IoT), an unprecedented number of devices are expected to be connected to the Internet in the next few years. IoT, mobile and security are growing at a massive pace. In fact, IDC mentions that spend in these areas will be $7.3 trillion (IoT), $107 billion (mobile), and $8 billion (security), respectively, by 2017. Not one of these areas can exist without the ability to propagate and manage identities across them. Before the Internet of Things, in an age where companies only connected computers to other computers that were ‘trusted’ and within the network, security was a much simpler affair. Legacy systems were created to be secure on an internal basis, keeping all evil at bay. Security was perimeter based. Everythi......

What Can The Banks Learn From Online Dating?

At first, the idea that banking or finance sectors could learn a trick or two from the online dating industry is laughable. After all, while the former is heavily regulated, deeply complex and integral to our economy; the latter is frivolous by comparison. Dating, as is often said, is a numbers game! And organisations such as Match.com, eHarmony and Zoosk rely on very sophisticated technology as they sift through vast customer bases to create the most compatible couples. Specially, they rely on data to build the most nuanced portraits of their members that they can, so they can find the best matches. This is a business-critical activity for dating sites – the more successful the matching, the better revenues will be. One of the ways they do this is through graph databases. These differ fro......

JPMorgan Data Breach: Cybercrime Is Not High Enough On The Corporate Agenda

This latest major cyber-attack follows high profile data breaches at Barclays earlier this year, and the US retail giants Home Depot and Target, at the back-end of 2013. The Target breach was larger than the current story being reported from JPMorgan, though the ramifications of the attack on the bank could be far greater given the sensitive nature of the information held. Retailers are not known to be at the forefront of security investments as they protect customer information and comparatively low value physical goods. Obviously, with banks the situation is very different as they look after cash and highly valuable assets. Initial public reports appear to indicate that the hackers breached JPMorgan’s network via an employee’s personal computer, with malware establishing a VPN tunnel int......