Social media platforms such as Twitter, Facebook and LinkedIn are increasingly being used by enterprises to engage with customers, build their brands and communicate information to the rest of the world.
But social media for enterprises isn't all about "liking," "friending," "up-voting" or "digging." For organizations, there are real risks to using social media, ranging from damaging the brand to exposing proprietary information to inviting lawsuits.
There are more than one million unique open source projects today, with a projected growth of around thirty million by 2020. Open source is growing in the enterprise, but oftentimes when people think of open source, they are concerned about the potential security issues. But those security concerns are merely myths. So, what is the reality when it comes to open source software security?
Britain's HSBC, which is one of the world's largest banks, is warning customers that it's been targeted by distributed denial-of-service attacks that continue to disrupt customers' access to online banking services.
The attacks began Jan. 29, and while HSBC reports that "we successfully defended our systems," as is common with mitigating DDoS attacks, the defenses employed have left some customers unable to access their online accounts. The bank says it's working with authorities to investigate the matter.
Software as a service (SaaS) is an increasingly popular way to acquire business software, especially in areas such as human resources and accounting, but security may be one of the best application areas for SaaS.
Getting a handle on security in your business is no small feat. You have to protect endpoints that range from PCs running older versions of Windows to mobile devices running Android and iOS operating systems. Windows and Linux servers may be running back office programs as well as customer facing applications that need constant monitoring and patching. Your email system is a prime target for attackers pushing phishing scams, botnet malware and other malicious content. To make matters worse, your adversaries are specialists who can invest time and resources into improving their techniques and avoiding your defenses.
The Tools and Methodologies of the Script Kiddie
To secure yourself against the enemy, you have to first know who your enemy is. This military doctrine readily applies to the world of network security. Just like the military, you have resources that you are trying to protect. To help protect these resources, you need to know who your threat is and how they are going to attack. This article, the first of a series, does just that: it discusses the tools and methodology of one of the most common and universal threats, the Script Kiddie. If you or your organization has any resources connected to the Internet, this threat applies to you.
As the Greek statesman Pericles once said, "Just because you do not take an interest in politics doesn't mean politics won't take an interest in you." It'll track you down, smack you around and show you what the real world is all about. Know it and understand it so you can play along.
Let us explore common political issues facing the Information Security function:
2. Self Interest
4. The Job Market
5. An excerpt of a 'House in Disarray'
Information security is so complex that it's often done the wrong way or not done at all. To the seasoned security professional that’s some understatement, but I'm not referring to technical complexities. I'm referring to political complexities like the people, power struggles, hidden agendas and related crazy nonsense that make up the average business. Politics often drives security and can largely affect the organization's overall risk management.
Hackers are nothing if not persistent. Where others see obstacles and quit, hackers brute-force their way through barriers or find ways to game or bypass them. And they’ll patiently invest weeks and months devising new methods to do so.
There’s no law for hacking innovation, but anyone who follows cybersecurity knows that techniques get bolder and more sophisticated each year. The last twelve months saw several new trends and next year no doubt will bring more.
A short look at what to expect shortly.
You don't hear of many attacks on edge infrastructure. Viruses, worms and Trojans get all the press. Although attacks at the network edge are more difficult for hackers, they are also the weakest point for many organizations.
When now-notorious intelligence contractor Edward Snowden leaked volumes of classified NSA data to The Guardian and The Washington Post, the public learned of a $652 million campaign code-named GENIE. In essence, GENIE is a cyber-offensive against foreign networks, seeking to plant malware into PCs, firewalls, routers, and other IT infrastructure with the goal of putting those resources under remote, surreptitious control.
IoET may need another decade! Back in 2004, industry analysts predicted that tens of billions of things would be connected to the Internet within five years. It didn’t happen. The hype is back. The 50 billion things that were supposed to be connected by 2010 were merely postponed. The new projected arrival date is 2020.
The Internet of Things (IoT) is an exciting growth opportunity. (It’s also a misnomer, but that's a discussion for a future post.) The problem is that it is really many different opportunities, each of which will grow at its own pace. A few markets, such as asset tracking and automatic meter reading, have achieved considerable traction. Others, such as connected cars and smart homes, show great promise. And we all look forward to the day when sensors embedded in our clothing detect health problems in their earliest and most treatable stages.