There has to be a better way

IT Security Insider



Top Stories

Across all industries, small businesses are increasingly facing new threats related to cyber security. Some have taken minimum steps to address these threats, but most have not. New security threats and incidents are reported every day in news reports, and many remain unreported. This underscores the need for cyber security education of small business owners and managers. These threats have potentially serious consequences and could lead to unrecoverable damage to small businesses. What are some consequences of the lack of basic cyber security controls? Lost or stolen customer data; loss of intellectual property; decreased productivity; legal liability; regulatory sanctions and fines; computer systems downtime; loss of reputation and customer confidence; loss of revenue; banking fraud. Could this happen to you? It is very important to understand that neither size nor i... (more)

Top Mistakes That Leave SMBs Vulnerable

Today even the smallest of businesses can generate a huge volume of emails, payment information and other data that must be protected. Medical practices, credit unions and independent retailers all face HIPAA, PCI and other standards. With so many regulations and limited budgets, how can small businesses keep up? Here are the top security mistakes that leave SMBs vulnerable to breaches and compliance audits. Ignoring Blind Spots In small businesses, technical expertise is generally not deep - rather, the folks in charge of protecting data are often performing other job functions in the company. If your staff lacks expertise in a given area, it is important to invest in a regular health check with subject matter experts to ensure each solution you have in place continues to remain optimally configured, and operating at peak performance. Thinking Your Size Makes You ... (more)

Canadian Outfit Releases Encrypted Portable Private Web Browser

Vancouver-based ENC Security Systems, which is supposed to make "un-hackable" Encrypt Stick flash drive software, has released an Encrypt Stick 5.0 Private Browser, a digital privacy browser that it claims is the safest way to browse the Internet. Its timing couldn't be better considering the Federal Trade Commission is now backing the development of a Do-Not-Track system for the web that's got the online ad people worried about their $23 billion sector and claiming it will mean the end of free content and Firefox revisiting a Do-Not-Track mechanism after Mozilla, pressured by an ad exec, killed such a tool a few months ago for fear Madison Avenue would come up with something sneakier, the Wall Street Journal says. Anyway, the Encrypt Stick Private Browser runs from the user's flash drive and applies polymorphic encryption, which creates unique encryption algorithms ... (more)

Yahoo Investor Pegs Company as ‘Illogical Alice in Wonderland’

Yahoo said late Sunday that it has named three independent board members in an attempt to foil Third Point, its largest stockholder, from staging a proxy fight at the next stockholders meeting whenever that is. Third Point said it offered "several significant compromises to strike a deal and avoid a proxy contest. Today, the board has shown yet again that they are unable to execute deals that are in the company's best interests. Sadly for shareholders - who will once more bear the costs - the consequence of the board's refusal to accept Third Point's shareholder-friendly proposals will be a time-consuming and distracting proxy contest that the company can ill-afford....In the absence of independent shareholder oversight, the Yahoo boards of the past five years have given shareholders five CEOs and strategic plans in as many years and seriously damaged the value of th... (more)

Taking a Holistic Approach to IT Security

Welcome to the latest edition of the HP Discover Performance Podcast Series. Our next discussion examines how regional healthcare services provider Lake Health in Ohio has matured from deploying security technologies to becoming more of a comprehensive risk-reduction practice provider internally for its own consumers. We learn how Lake Health's Information Security Officer has been expanding the breadth and depth of risk management there to a more holistic level -- and we're even going to discuss how they've gone about deciding which risk and compliance services to seek from outside providers, and which to retain and keep on-premises. Here to explore these and other security-related enterprise IT issues, we're joined by our co-hosts for this sponsored podcast, Chief Software Evangelist at HP, Paul Muller, and Raf Los, Chief Security Evangelist at HP. And we also we... (more)

Victim-nomics: Estimating the “Costs” of Compromise

Since launching ThreatConnect.com, Cyber Squared's Intelligence Support Team has become more effective in managing, analyzing and sharing our Threat Intelligence. While understanding the threat remains one of our core requirements, we have also begun to fill a key gap that, we feel, many within the industry are failing to address. Providing effective Threat Intelligence requires more than just characterizing the threat from a technical perspective.  Instead, you must strike a balance between providing technical context as well as non-technical relevancy to the victim.  Industry report authors will often admire the cyber espionage problem all the while promoting their technical talents.  Unfortunately, these overly technical threat details are not easily interpreted or acted upon by today's non-technical business leaders.  So, ultimately, this shortcoming often over... (more)

Is IDaaS a Trustworthy and Feasible Option?

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data harvesting corporations like Google, Yahoo, Facebook etc…). Everyone, including the security buffs at CloudAccess, is sensitive as to what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is no longer as private as you think, and hasn’t been for many years. Politics, ethics and debates over 4th amendment interpretation aside (as they serve no useful purpose in this analysis), a question was asked on one of the security forums that in light of these alleged breaches of trust, whether cloud security... (more)

Best Practices to Ensure Security in the Private Cloud

As regulatory oversight across the financial landscape continues to drive greater transparency and stricter penalties, outsourcing to the private cloud has become an integral resource for hedge fund and private equity managers. Cloud infrastructure services are now synonymous with increased efficiency, decreased costs and added security. However, security in particular remains a key concern for many financial services firms. The costs a cloud services provider can incur in dealing with a security breach, both financially and to its reputation, can be devastating. Infrastructure providers, particularly those catering to financial services firms such as hedge funds, must have strict policies in place and employ best practices to ensure that their clients receive the same level of security as they would achieve with an on-site network. While most participants in the f... (more)

Test All Apps to Keep Hackers from Penetrating Castle Walls

Despite all the news about hackers infiltrating major corporations, most businesses continue to leave themselves woefully unprotected. Some surveys estimate more than 70% of businesses perform vulnerability tests on less than 10% of their cloud, mobile and web applications. A majority also confess they have been hacked at least once in the last two years. While most large businesses have begun application vulnerability testing, there is still a long way to go. After all, you are only as strong as your weakest link; hackers will undoubtedly find and attack any application without sufficient defenses. Although testing and creating protection for high-value and mission-critical applications is better than not doing anything at all, leaving low-priority applications unprotected is still a major risk. If hackers can exploit just one application, that means they can then ... (more)

The Major Cloud Security Threat By @Intermedia_Net | @CloudExpo [#Cloud]

The Major Cloud Security Threat Most IT Departments Overlook Eighty-nine percent of knowledge workers retain access to the sensitive corporate applications and files of former employers. Earlier this year, a member of the team at Site-Eye, one of the top time-lapse film companies in the UK, noticed a disturbing problem with one of its client's feeds. A deeper investigation revealed that of the 200 cameras it had installed at construction sites around the world, 120 had been remotely disabled. In order to restore service to these cameras, engineers needed to be dispatched to each location, setting Site-Eye back $80,000. The cause behind the problem? A single disgruntled former employee who walked away from his job with the passwords to the company's services in-hand. This is an issue that is far from isolated to the time-lapse film industry: it's actually a risk for an... (more)

Massive Insider Trade Probe Could Result in Slew of Indictments

The Galleon insider trading case, which the authorities advertised as the biggest known hedge fund scam in history, was apparently just the tip of a giant insider trading iceberg. The Wall Street Journal reported Saturday that federal authorities could file civil or even criminal charges against consultants, investment bankers, hedge fund and mutual fund traders and independent analysts across the country by the end of the year. It is not exactly clear what anybody did wrong but it appears that standard garden-variety "channel check" and "build plans" research may be illegal since they can move markets, but that may not be the whole of it. A federal grand jury has reportedly already heard evidence of illegal profits in the tens of millions of dollars and authorities made their first arrest Wednesday, hauling in Don Ching Trang Chu for insider trading on premature ... (more)