The latest Java zero-day flaw has the tech world in an uproar.
Advanced Persistent Threats (APTs)
Truly a virus for the modern world, the intent of APTs is less about creating havoc and all about making money. APTs target individuals and companies with the sole aim of stealing information for profit. They use phishing and spear-phishing to access corporate data stores and then operate ‘below the radar’, exfiltrating information over extended periods of time. We will see these attacks increase in frequency, especially in mid-sized companies where security is less mature. It's important to remember that it isn’t just large companies that possess valuable intellectual property that cyber-criminals can steal and sell on.
Collaboration
Many employees and companies are increasing their collaboration, but are hindered by the security implications. With data loss prevention (DLP) in mind, information security is currently determined at the file or document level. Policy today is such that the file is either ‘ok’, or blocked, and cannot be shared. However, if we take a more intelligent approach – removing the specific sensitive pieces of information – then the file would be okay to share and collaboration would continue. This mechanism would enable seamless sharing of many more documents for collaboration purposes, ultimately making working practices more efficient.
Even within organisations, the need to keep information on a 'need to know' basis is growing and internal 'DLP' is being introduced. The change from the traditional black-and-white, go/no-go approach to a more intelligent approach: that of automatic adaptive redaction, will create a useful middle ground. Automatic redaction will enable collaboration on documents to take place with the assurance that no sensitive information has left the organisation or been shared inappropriately.
Beyond 2013 – intelligent data
Similar to redaction, my long-term prediction for the industry is that we will see the introduction of increasingly intelligent data to enable organisations to share information more readily. Intelligent data goes beyond setting rules for documents. Instead, it sets rules for the data contained within these documents, such as setting access to specific information under certain circumstances. This means that a single document could be shared with multiple recipients, with each one only able to view the information that is pertinent to them within their specific context. The tools to support this are not available today, but they are coming: intelligent data will herald a new era of content and context-aware information security.
As security threats continue to evolve, it's more important than ever that businesses of all shapes and sizes have a robust security strategy in place for the year ahead and beyond. The cyber-criminals may be getting more sophisticated, but so are we.
Guy Bunker
Post from: Trendlabs Security Intelligence Blog - by Trend Micro
Botnets Are Everywhere – See How They Spread in the Trend Micro Global Botnet Map
Recently, we blogged about the file-infector virus known as W32.Virut and the botnet’s return to distributing new payloads.
Jez Humble's "Continuous Delivery" blog, while not directly speaking to IT Security professionals, often captures some incredibly salient points. His brief analysis of Nassim Talib's concept of "antifragile" is, I believe, is a must read (as is the book). While security tends to look for stability and robustness, it turns out these are (potentially) bad things...
Post from: Trendlabs Security Intelligence Blog - by Trend Micro
How to Use Java – If You Must