Top IT Security Bloggers
-
Security and Ease-of-use: Strange Bedfellows
HP Following the Wh1t3 Rabbit - Practical Enterprise SecuritySecurity people may believe and even tell you that 'ease-of-use' is not their problem, but they're laughably wrong. A recent comment by an industry colleague stirred up some thoughts in my head, so I put some of it to keyboard...
-
[Infographic] Unwrapping Mobile Security During the Holidays
TrendLabs - Malware BlogExperts are predicting this holiday season will be the biggest holiday season for mobile devices yet. Whether it’s Android or iOS, phones or tablets, odds are good that you or someone in your family will be unwrapping and using a new device this holiday season. But once you unwrap your new device and turn it [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro
[Infographic] Unwrapping Mobile Security During the Holidays -
Infostealer Dexter Targets Checkout Systems
TrendLabs - Malware BlogSince data is the new digital currency, it is not uncommon to read about data stealers designed to collect users’ personally identifiable information (PPI) like credit cards, etc. So the entry of ‘Dexter’ in the threat picture comes as no surprise, especially as the holiday season draws near. There are reports of a malware that [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro
Infostealer Dexter Targets Checkout Systems -
#FFSec: Security pros to follow on Twitter, Dec. 21
CSO OnlineFollow these names on Twitter. Together, they make cyberspace a more secure place. (copy and paste) -
Top 5 Consumer Threats for 2012
TrendLabs - Malware BlogThe beginning of 2013 is just around the corner, which means we must prepare for a fresh start. But before we prep for the new year, we must first look back at the biggest threats of 2012 – to learn from them and arm ourselves with a new, more security-conscious mindset. Blackhole Exploit Kit spam [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro
Top 5 Consumer Threats for 2012 -
1,730 Malicious Apps Still Available on Popular Android App Providers
TrendLabs - Malware BlogThe presence of malicious apps on Google Play and other popular Android app providers remains a persistent problem. As of the first week of December, approximately 1,700+ malicious apps are still available on the Google Play and two third-party Android app distributors. Though app providers have implemented certain regulations to mitigate the ruckus of malicious [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro
1,730 Malicious Apps Still Available on Popular Android App Providers -
-
-
3 Reasons Why Africa Will be the New Haven for Cybercriminals
TrendLabs - Malware BlogWe’ve been hearing much about how Africa is rapidly catching up with the rest of the world in terms of the Internet. More and more Africa-based users are now connecting to the Internet, giving them a great resource for information and an easier means for communication. Unfortunately, as more users in Africa become connected to [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro
3 Reasons Why Africa Will be the New Haven for Cybercriminals -
Big Data, Intellectual Property, Steve Jobs and the Olympics: A Review of 2012
Clearswift Blog
As another year draws to a close, it's time to take stock of the security highs and lows of 2012. The year seems to have flashed past, but what have been the defining moments? SMS reaching its 20th birthday, the death of Steve Jobs (the iPod is still my favourite gadget of all time), the continued rise of the APT (advanced persistent threat) or the 160m pieces of personal data that have been lost in 2012? Cloud adoption, the consumerisation of IT (or bring your own device – BYOD, as it is now known) and collaboration have all featured heavily in the press this year, and all necessitate a change in working practices while also bringing new security (and availability) threats to businesses. And, of course, who could forget phone hacking and all the inappropriate Tweeting (trial by media has become rife)… It's tough to know where to begin…
Information security is increasingly recognised as something that we all must understand the consequences of; it's not just an area for IT to care about, it's not just something that the corporate exec needs to care about – it really is for everyone. For those who handle information it is about looking after that which you have been entrusted with properly; for those that don’t (as well as those that do) it's about hoping that your data is being properly looked after by others. Whether the custodians of your data are the government, the bank or internet shopping sites… start to add up the number of different places where your own information is stored and a furrowed brow may follow. Just how safe is ‘your’ information?
For me, the biggest event of 2012 was the change in SEC guidelines in the USA. Up until this year we have regarded PII (Personally Identifiable Information) and credit card/bank details as the most valuable kinds of information to grace the web and deserving of the greatest protection; indeed the whole Data Breach Notification laws grew up around this sort of information. The guideline changes means that other types of information are also now included, such as financial information and IP (Intellectual Property). The realisation is dawning that while the individual needs to be protected, the organisation should also protect its own secret sauce, its IP. If that disappears, then the company will be at risk – and so too will the employees, and of course the shareholders’ investment. It’s a subtle change in words but the impact will be huge, as, no doubt, some form of legislation will be forthcoming and will rattle around the globe. We have witnessed IP theft in the past for jet fighters and other ‘large’ items, but this year we saw it for, among other things, vacuum cleaners. This shift in target indicates that smaller companies need to worry about information theft just as much (if not more) than large companies. All information has a value to someone, and no one knows this better than the cyber-criminals, who exploit weak security to access the data they’re after. Increased protection is going to be required, but before it can be, organisations need to discover just where their information is – and that turns out to be a harder problem than first envisaged, not least because of the cloud, collaboration and BYOD! Security in 2013 is going to have to step up a notch to address the new requirements.
If we look at trending words of 2012, then the IT phrase of the year must be ‘Big Data’. A little like ‘grid computing’, ‘virtualisation’ and ‘cloud computing’ were in their time, it means everything to everyone and nothing to anybody. Most vendors talk about it, either being able to handle big data, or having a solution that will help. One thing is for sure: the amount of data we need to process and protect is increasing… which, on the flip side, means that preventing cyber-criminals from getting their hands on it becomes more challenging. There is a challenge to vendors to help organisations with ‘Big Data’ protect it and to protect the individual at the same time. Big data brings with it some interesting privacy challenges as well – but more about that some other time.
But I don’t want to end on a bit of a downer, so let's look to the highlight of the year – and who could forget the Olympic Games in London? Forget the athletes and the crowds and the atmosphere and the positive effect it had on the nation… let’s talk security. Or rather, let’s not… from a physical perspective it was there, but it was almost transparent (forgetting the debacle over the number of people required – it all worked out ok in the end); people saw it as necessary and behaved accordingly. What about the secrecy surrounding the opening ceremony – the request was made at the rehearsals not to give the game away on Twitter… and it wasn’t! And then there was all the behind the scenes security. Cyber-security requirements have changed since the Beijing games – hactivism has increased and with such dependency on IT for the games, the opportunity for cyber-terrorism was huge. Tens of thousands of systems across multiple sites all added to the attack surface. Scare stories came and went; missiles were installed on rooftops, Navy ships in the Thames, huge security incident event management (SIEM) solutions were installed to analyse millions (if not billions) of events per day, with rapid-response teams on standby. When the games closed, it had all gone without a hitch – and unlike Y2K where everyone complained that the action before the event had been disproportionate and expensive (given that nothing occurred – but we were ready!)… This time people realised that it was the decisive actions that were taken, and widely publicised, that prevented any security breaches from occurring.
At the end of the day, it all worked as planned and the games were a great, resounding success and a marvellous source of national pride – and that will be the overriding memory of 2012.
Guy Bunker