The week in security: Place your security best for 2016
- 22 December, 2015 09:37
As 2015 rolled into its last days, security pundits were dusting off their crystal balls to talk about in the market during 2016. And, if Donald Trump's statements about closing the Internet come to fruition, 2016 could be particularly interesting as the year that encryption died. One endpoint security specialist was also hastening the end of endpoint encryption, forecasting a shift of encryption controls towards other techniques such as whitelisting.
Ovum was exhorting companies to make better use of their threat-intelligence environments in 2016, while one security expert was warning that attackers were likely to target a US election and another suggested paying off Google and Microsoft for access to information to help in hacker investigations.
Hacks continued as usual, with MacKeeper the latest target in an attack that hit 13m user records, although some pointed out that the attack was a drop in the ocean that's out there in unprotected MongoDB and other databases.
Twitter was warning users that they may have been targeted in a nation-state attack. In the leadup to the Christmas shopping season, others were being warned of potential attacks by the TeslaCrypt ransomware, even as three men were charged with spam-related offences.
Companies looking to the cloud to replace legacy applications need to remember that their security environment is also likely to be as old as their systems. Microsoft was extending its SmartScreen security system to improve protection against malware, while a Linux vulnerability was found to be causing problems.
Spying code Jupiter Networks equipment, with hackers rushing to exploit the attack and corporations rushing to figure out for them.
One thing it means is that they need new and better security skills – which requires funding and senior clout, among other thing.that far too many executives are still not being briefed on security issues which, surveys suggest, are likely to have a more business-y ring to them when they are couched in terms of likely fines from non-compliance with changing regulations.
Google stopped trusting a Symantec certificate, while Microsoft for 20 certificates in a move that could create major problems in its wake.
