Enterprise IT security professionals faced increasingly sophisticated, stealthy and dynamic threats in 2012, but numerous surveys revealed that knowledge and understanding of the latest attack techniques are lacking in many organisations. Similarly, user security awareness has been a recurrent theme.
The past year saw an increase in the cost of data breaches, as well as a growing number of attacks targeting new technologies such as virtualisation, new communication channels such as social networking and new mobile devices.
Continued budget constraints have also prompted a growing number of calls for greater alignment between IT security and the business.
Here are 10 articles that illustrate some of the key challenges and strategies around information security for governments, businesses and individuals.
IT security workers must support business needs, says Ernst & Young
IT security professionals need to transform the profession if they are to persuade business they are doing a good job, according to Mark Brown, director of information security at Ernst & Young. “Most organisations think information security professionals are not fulfilling the needs of business,” Brown told attendees of the Govnet Cyber Security Summit 2012 in London.
Evasion threat to critical systems goes ignored, says Stonesoft
Many organisations continue to rely on ineffective intrusion prevention systems (IPS) for defending information systems, says security firm Stonesoft. Advanced evasion techniques (AETs) – which combine several known evasion methodologies to create new and dynamically changing techniques – bypass most IPSs on the market, tests have shown.
UK organisations fail to address social networking risk
Unguarded corporate social media accounts are leaving companies exposed to serious security breaches, a survey of more than 1,000 senior UK executives revealed. Most respondents (87%) said they use social media strategies to enhance their business, but 45% said they had experienced a security scare as a direct result in the past year, according to the survey by OnePoll on behalf of KPMG.
Many UK firms underestimate cost of data breaches, study finds
Many UK organisations are still failing to understand the implications of data breaches and estimate the costs of recovery accurately, a study revealed. Of the UK companies that have not yet suffered a breach, 58% told the Ponemon Institute that they believed brand reputation would be untarnished by a breach and 70% did not think the cost of customer acquisition would increase.
Half of companies lack cyber threat knowledge
Half of companies worldwide lack knowledge about potential security threats they may face, a global IT risks survey revealed. Almost a third of more than 3,000 IT professionals, including 200 from the UK, polled by security firm Kaspersky Lab, admitted they had never heard of any of the cyber epidemics that recently posed direct threats to their organisations.
Analysis: Businesses are not securing virtual environments. Why?
IT often virtualises new applications and workloads by default. Virtualisation is now the norm, deploying a physical server the exception. Yet, a third of companies admit they have not invested in security for their virtual computing environments. Why not?
Flame: What are the immediate implications for business?
Security researchers have discovered the most powerful cyber weapon to date, but what does the latest super cyber threat, dubbed Flame, mean for the security industry?
BYOD creating security risks for 80% of companies
Businesses are opening themselves up to security threats by failing to manage bring-your-own-device (BYOD) programmes properly. According to a study of 4,000 workers, carried out by Ovum, 80% of corporate BYOD schemes are “inadequately managed by IT departments”.
APTs: Are they really a concern for all businesses?
Stuxnet, Duqu, Flame, and Gauss have nothing to do with businesses that are not involved in finance and critical national infrastructure or government and military contracts – right? In line with this belief, many businesses are not taking these and other so-called advanced persistent threats (APTs) into consideration as part of their information security strategy, but is this wise?
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technology in some of the areas where the enterprise is most likely to need it, a study has revealed. About 33% of hacker forum discussions are about training and tutorials for data theft techniques, such as SQL injection (SQLi), according to a hacker intelligence report by security firm Imperva.