The week in security: Mobiles exposed as skills deficit hobbles security intelligence

Businesses are accumulating data faster than they can accumulate people to analyse it, one consultant has pointed out as data-intensive security proves both more promising and more problematic than ever. Some organisations are making ground by improving their security posture, but a surprising number still don't see security as being a continuous process – although they may change their tunes if the US Department of Homeland Security puts teeth behind claims that corporate boards of directors should be more involved in cybersecurity efforts.

One organisation that knows all about security as a continuous process is Melbourne and Olympic Parks, which has turned to next-generation firewalls to maintain strict network separation between crews handling different events at its major Melbourne venues. Yet it is airport tickets, not concert tickets, that are the most popular purchase for credit-card scammers, according to figures from security firm RSA.

Firefox has added application-reputation capabilities mirroring those already in Google Chrome, although there's no telling whether it will block the type of problems befalling consumers who have clicked on links hoping to score some free movie downloads – but gotten malware instead. And if you think that's bad, a new vulnerability discovered in Android mobile software is said to allow malware to hijack installed apps, their data, and even the entire device. Given that mobile-loving Aussies are also proving to be open targets for Koler malware, things aren't looking great in the mobile security arena.

Gartner was warning against hysteria about the location of data, while there was less certainty about whether hysteria is warranted when it comes to the new 'bring your own identity' trend by which users authenticate themselves with social-media credentials. That may sound like a good idea to some, but with privacy groups warning off Facebook from gathering users' Internet browsing patterns and warnings suggesting it may be a bad idea to use Instagram on public Wi-Fi.

Amazon suffered the ignominy of having hackers install DDoS malware on its platform after hackers exploited a vulnerability in distributed search engine Elasticsearch. It's yet another example of how a security chain is only as strong as its weakest link, as many organisations are finding out as other members of their supply chains turn out to be less secure than they should be.

As many continue to underestimate the importance of physical access control in developing IT-security strategies, others in the utilities industry are underestimating the importance of IT security altogether, if figures from Ponemon Institute are anything to go by.

Even Symantec may be guilty, if a penetration-testing company proves correct in its claims that Symantec Endpoint Protection has its own zero-day flaws. Such vulnerabilities are a reminder of how every company needs to remain vigilant in looking out for cyberthreats; US university Georgia Tech, for one, launched an early warning system designed to increase the awareness of new threats.