Aujas US

An IDG Ventures Company

5 Hot Topics in Information Security for 2011

According to the Aujas information security experts, these are the five crucial security topics that should be on the radar for business executives in 2011:

Data Governance and Data Leakage Prevention (DLP) – Some executives believe their employees know exactly what data should be protected and what data can be shared via website, conversation or social media.  These executives have a false sense of security. Many companies still do not have a strong data classification program or policy in place to educate employees on what is critical to an organization and what is not.  Some execs may also think that having a DLP tool and plugging it in is the answer. That’s like plugging in a power saw and saying you can build a house! Having a tool and knowing how to use it effectively are two different things.

Tip: Find a champion to drive your data governance and loss prevention initiative.  If your company has a CISO, this person is the most logical one to take on this role. If not, you can assemble a small team of stakeholders to work with guidance from a third party who specializes in information risk management.
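The distinction above, between owning a DLP tool and knowing what it should protect, is easiest to see in a rule that cannot work without a classification policy behind it. The following is an added example written for this page, not code from Aujas or from any DLP product: it assumes a constructed policy of three labels (PUBLIC, INTERNAL, CONFIDENTIAL), a labelling convention of a "Classification: <LABEL>" line in the message, and combines that label check with Luhn-validated card-number detection so that mislabelled content is still caught. Unlabelled external mail is routed for review rather than silently allowed, because the tool has no basis for a decision without the policy.

```python
import re

# Constructed classification policy (an assumption for this example):
# label -> may content with this label be sent to an external recipient?
# Labels missing from the policy are treated as not allowed (deny by default).
POLICY = {
    "PUBLIC": True,
    "INTERNAL": False,
    "CONFIDENTIAL": False,
}

# Labelling convention assumed for the example: a "Classification: <LABEL>"
# line at the start of a line in the message body or document header.
LABEL_RE = re.compile(r"^Classification:\s*([A-Za-z]+)", re.MULTILINE)

# 13 to 16 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check, used to separate card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid card-number candidates in the text, digits only."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def classification(text: str):
    """Classification label declared in the text, or None if there is none."""
    m = LABEL_RE.search(text)
    return m.group(1).upper() if m else None


def evaluate_outbound(text: str, external: bool) -> dict:
    """Decide whether a message may leave, combining label policy with content inspection.

    Returns {"verdict": "ALLOW" | "REVIEW" | "BLOCK", "label": ..., "reasons": [...]}.
    """
    label = classification(text)
    reasons = []

    if external and label is not None and not POLICY.get(label, False):
        reasons.append(f"label {label} may not be sent externally")
    cards = find_card_numbers(text)
    if external and cards:
        # Content inspection catches data the author mislabelled or never labelled.
        reasons.append(f"{len(cards)} Luhn-valid card number(s) in body")

    if reasons:
        verdict = "BLOCK"
    elif external and label is None:
        # Without a classification the tool cannot decide; route to the data owner.
        verdict = "REVIEW"
    else:
        verdict = "ALLOW"
    return {"verdict": verdict, "label": label, "reasons": reasons}


# Constructed sample messages for the example.
CONFIDENTIAL_MSG = "Classification: CONFIDENTIAL\nQ3 forecast attached, do not forward.\n"
PUBLIC_MSG = "Classification: PUBLIC\nPress release: new office opening in March.\n"
UNLABELED_MSG = "Minutes from Monday's meeting, see below.\n"
MISLABELED_MSG = "Classification: PUBLIC\nRefund to card 4111 1111 1111 1111 processed.\n"

if __name__ == "__main__":
    for name, msg in [("confidential", CONFIDENTIAL_MSG), ("public", PUBLIC_MSG),
                      ("unlabeled", UNLABELED_MSG), ("mislabeled", MISLABELED_MSG)]:
        print(name, evaluate_outbound(msg, external=True))
```

The point of the REVIEW verdict is that it measures the gap the post describes: every message that lands there is one an employee sent without knowing how to classify it, which is data for the classification programme rather than a tuning problem for the tool.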

Application Security – With so many applications being developed and used in companies of all sizes, some are being created without security in mind.  Some technology companies have a need to be the first on the street with a new application and are bypassing Security Development Lifecycle (SDL) protocol. They are thinking about security after the application is released and, sadly, are finding that they are spending more money to fix the application.

Tip: First perform a penetration assessment on your company’s critical applications to identify vulnerabilities. Then be proactive!  Create a framework in which security is part of the SDL.

Social Media – The intentional and unintentional release of sensitive information via Facebook, Twitter, etc. can affect your company’s bottom line. Your intellectual property may wind up on an underground website or, if your secrets are shared with the world, you may not be first to market with your new product or service.

Tip: You don’t need to declare social media off limits to your employees. It is an important business tool that is not going away.  You do, however, need to understand the risks of social media, and make users aware.

Cyber Security – Over the past year, more organizations have come to understand that there is a very real cyber security threat in the US and that the US Government cannot take care of every threat-related issue. Your company needs to develop strong internal and external security programs to protect itself.

Tip: Putting in place a robust information risk management (IRM) program is essential so that your stakeholders understand the people, process and technology risks and how they can affect your access, availability, and agility to conduct business.

Phishing – Hackers continue to use phishing, a type of social engineering, to solicit information from individuals. Though the number of phishing incidents was down in the second half of 2010, the attacks continue to grow more sophisticated.

Tip: Perform a phishing diagnostic so that you are aware of the threat, specifically who in your organization is susceptible to this type of attack.
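A phishing diagnostic of the kind the tip recommends produces a stream of events from a sanctioned, simulated campaign; what the executive needs from it is the per-department funnel and the list of people to follow up with. The code below is an added example for this page, not Aujas's tooling: it assumes a constructed, whitespace-separated event log ("timestamp user department event", with events delivered, opened, clicked, submitted, reported) and counts each user once per stage, so a repeat click does not inflate the rate, and treats reporting the decoy as the positive signal it is.

```python
from collections import defaultdict

# Constructed results of a simulated-phishing diagnostic (an assumption for this
# example). Format: "timestamp user department event", one line per event.
DIAGNOSTIC_LOG = """\
2011-01-24T09:02:11 alice@example.com Finance delivered
2011-01-24T09:05:40 alice@example.com Finance opened
2011-01-24T09:06:02 alice@example.com Finance clicked
2011-01-24T09:06:30 alice@example.com Finance submitted
2011-01-24T09:07:01 alice@example.com Finance clicked
2011-01-24T09:02:12 bob@example.com Finance delivered
2011-01-24T09:10:00 bob@example.com Finance opened
2011-01-24T09:02:13 carol@example.com Engineering delivered
2011-01-24T09:20:45 carol@example.com Engineering clicked
2011-01-24T09:02:14 dave@example.com Engineering delivered
2011-01-24T09:15:09 dave@example.com Engineering reported
2011-01-24T09:02:15 erin@example.com Engineering delivered
2011-01-24T09:02:16 frank@example.com Sales delivered
2011-01-24T09:30:00 frank@example.com Sales clicked
2011-01-24T09:30:20 frank@example.com Sales submitted
"""

STAGES = ("delivered", "opened", "clicked", "submitted", "reported")


def parse_events(log: str) -> list[tuple[str, str, str, str]]:
    """Split the log into (timestamp, user, department, event) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, dept, event = line.split()
        if event not in STAGES:
            raise ValueError(f"unknown event {event!r}")
        events.append((ts, user, dept, event))
    return events


def summarize(log: str) -> dict:
    """Per-department funnel: distinct users reaching each stage, plus click and report rates.

    A user who clicks twice is counted once, so rates reflect people, not events.
    """
    reached = defaultdict(lambda: {s: set() for s in STAGES})
    for _, user, dept, event in parse_events(log):
        reached[dept][event].add(user)

    summary = {}
    for dept, stages in reached.items():
        delivered = len(stages["delivered"])
        summary[dept] = {
            "delivered": delivered,
            "clicked": len(stages["clicked"]),
            "submitted": len(stages["submitted"]),
            "reported": len(stages["reported"]),
            "click_rate": len(stages["clicked"]) / delivered if delivered else 0.0,
            "report_rate": len(stages["reported"]) / delivered if delivered else 0.0,
        }
    return summary


def users_who_submitted(log: str) -> list[str]:
    """Users who entered credentials on the decoy page: first candidates for follow-up training."""
    return sorted({u for _, u, _, e in parse_events(log) if e == "submitted"})


def rank_departments(summary: dict) -> list[str]:
    """Most susceptible first: highest click rate, ties broken by lowest report rate."""
    return sorted(summary, key=lambda d: (-summary[d]["click_rate"], summary[d]["report_rate"]))


if __name__ == "__main__":
    s = summarize(DIAGNOSTIC_LOG)
    for dept in rank_departments(s):
        print(dept, s[dept])
    print("follow up with:", users_who_submitted(DIAGNOSTIC_LOG))
```

Reading the two rates together matters: a department with a modest click rate and no reports is in worse shape than one where a few people clicked but others raised the alarm, because the second has a detection path and the first does not.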

Aujas can help your company manage risk from these threats. Contact Karl Kispert, our Vice President of Sales, to learn more. He can be reached at karl.kispert@aujas.com or 201.633.4745.


January 24, 2011 | Posted in: Data Leak Prevention, IT security, Phishing, Risk management, SDL, Social Engineering

Cyber Crime: The Ominous Writing on the Wall

With the increased media scrutiny and attention that cyber crime attracts today, it is clearly evident that there has been an exponential increase in the sophistication, intensity and frequency of digital attacks. Technological advancements, changes in social behavior and the popularity of the Internet have permitted cyber criminals to make considerable financial gains, usually staying a couple of steps ahead of law enforcement agencies.

As the digital economy has evolved both in size and sophistication, so has the degree and intent of skilled cyber criminals and the nature of their attacks. Some of the more common technical forms of attack include: Virus, Malware & Spyware, Spam, Denial of Service, Phishing, and Password attacks.

While cyber crime encompasses a broad range of illegal activities, these can be categorized depending on the political, economic, socio-cultural and technical overtones of the attack.

Political Threats
A growing political concern among countries is the increasing use of cyberspace to carry out terrorist activities. Cyber terrorists not only intimidate governments and create panic but they also use the Internet to coordinate attacks and communicate threats. An example is Mujahideen Secrets, the jihadist themed encryption tool released ostensibly to aid Al-Qaeda and other cyber jihadists encrypt their online communications. Another example is the use of virtual world sites such as Second Life to conduct and participate in terrorist training camps. Additionally, political activism can be combined with hacking to target a country or group in order to achieve a political goal. Hacktivism, as this is called, is gradually gaining popularity as is illustrated by the attacks on the Estonian government following protests after the relocation of a Soviet World War II memorial. The attacks swamped websites of Estonian organizations, including the parliament, banks, ministries, newspapers and broadcasters.

Economic Threats
The relative anonymity of the Internet has led to a thriving online black market trading in an underground economy of stolen goods, identity theft and rogue businesses. These rogue businesses use the Internet to deal in illegal products or practices as exemplified by the Russian Business Network or RBN based in St. Petersburg. This is a notorious organization that provides hosting services for websites devoted to child pornography, phishing, spam, malware distribution and illegal pharmaceuticals. Identity theft is also becoming an increasing concern with sophisticated tactics such as vishing (Voice Phishing) used to obtain personal identities that are sold on the black market and used to commit credit card fraud and other illegal activities. Additionally, though corporations have always faced the threat of espionage, the opportunity to steal trade and corporate secrets has never been higher. With hackers, pressure groups, foreign intelligence services, organized crime groups and fraudsters willing to deal and trade with illegitimate or stolen material, illegal economic activity online will continue to accelerate and progress.

Socio-cultural Threats
Cyber crime also has far-reaching socio-cultural repercussions with social networking sites and virtual worlds increasingly used for tax free commerce, child porn distribution and other unsavory activities. This reality is catching up with Second Life, the much hyped virtual world that let users create avatars that can walk, chat, fly and buy and sell virtual stuff for real money. The social networking site is running into trouble with authorities over its gambling casinos, questionable virtual real-estate deals and alleged trade in pornographic photos of real children.

Technical Threats
As technology advances, cyber crime has to keep pace with modern and multifaceted changes. Technical cyber attacks include software piracy, botnets and threats against personal area networks in addition to the more popular spam, malware and computer virus threats. Software piracy is the copyright infringement of computer software, mainly for financial gain, such as websites that allow music to be downloaded for free. With the growing use of mobile devices such as Blackberry, PDA or laptops, attacks on Personal Area Networks (PAN) are leading businesses to encrypt or protect sensitive information.

While the threats of cyber crime are real and multifold, there is no single way to mitigate these combined risks. The simplest way to combat cyber crime would be to provide formal education, as a little knowledge and precaution goes a long way in preventing cyber crime. Countermeasures, such as password protection, firewalls and safe banking practices among others, can be followed depending on the threats and vulnerabilities.

November 4, 2010 | Posted in: Cyber Crime, Risk management