IT Security Challenges For Small Business
A recent survey conducted by McAfee revealed that 52% of small and medium sized businesses felt they were too small to be of any value to cyber criminals and that they were adequately protected by default security settings.
For example:
- 35% of SMBs are ”not concerned” about being a target for cyber crime
- 52% don’t think they are well known enough to be a target for cyber criminals
- 45% of SMBs do not think they are a valuable target for cyber criminals
- 46% do not think they could make a cyber criminal any money
- 44% of SMBs think cyber crime is an issue for larger companies
Regardless of size, viruses, hacker intrusions, spyware, and spam can lead to lost or stolen data, computer downtime, decreased productivity, and worst of all lost revenue. And just because a business is small, it does not mean they are immune to security threats.
Continue reading IT Security Challenges For Small Business
Study Says 87 Percent of Breaches Were Avoidable
Verizon Business has released the “2008 Data Breach Investigations Report” that spans four years and more than 500 forensic investigations. It includes analysis of three of the five largest corporate breaches ever reported.
Key findings in the report indicate that 87 percent of all security breaches were avoidable through reasonable security measures.
Other key findings include:
- Most data breaches investigated were caused by external sources. Thirty-nine percent of breaches were attributed to business partners, a number that rose five-fold during the course of the period studied.
- Most breaches resulted from a combination of events rather than a single action. Sixty-two percent of breaches were attributed to significant internal errors that either directly or indirectly contributed to a breach. For breaches that were deliberate, 59 percent were the result of hacking and intrusions.
- Of those breaches caused by hacking, 39 percent were aimed at the application or software layer. Attacks to the application, software and services layer were much more commonplace than operating system platform exploits, which made up 23 percent. Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability. Significantly, 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.
- Nine of 10 breaches involved some type of “unknown” including unknown systems, data, network connections and/or account user privileges. Additionally, 75 percent of breaches are discovered by a third party rather than the victimized organization and go undetected for a lengthy period.
- In the modern organization, data is everywhere and keeping track of it is an extremely complex challenge. The fundamental principle, however, is quite simple – if you don’t know where data is, you certainly can’t protect it.
Continue reading Study Says 87 Percent of Breaches Were Avoidable
Concerns Over Threats From Mobile Devices
Spyware, viruses and worms continue to plague most organizations, but security challenges tied to the use of handheld devices and mobile and remote computing are growing at a rapid pace, new research commissioned by the Computing Technology Industry Association (CompTIA) reveals.
The CompTIA survey of more than 2,000 individuals found that viruses and worms, cited by 54 percent of respondents, and spyware, selected by 51 percent, continue to be the top two information security threats organizations face today.
But security issues related to handheld devices, and to mobile and remote workers, are clearly emerging concerns. In each of the four countries where surveys were conducted the United States, Canada, United Kingdom, and China more than 50 percent of respondents said security threats related to use of handheld devices has increased significantly compared to one year ago.
Continue reading Concerns Over Threats From Mobile Devices
Best Practices for Security Management
Protecting your Enterprise IT system from threats both external and internal becomes harder each day. There will always be new methods of intrusion and infection that threaten your system. Your Security Management group should develop a set of best practices to ensure that your IT infrastructure is secure and can continue to support your business.
Continue reading Best Practices for Security Management
Microsoft Releases Stirling Beta
At the RSC Conference 2008, Microsoft announced the availability of the public beta release of their next-generation Microsoft Forefront security solution code-named “Stirling”.
Forefront “Stirling” includes a central management console for security configuration and enterprise-wide visibility, combined with the next-generation Forefront products that span the client, server and network edge. They include Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint and the next generation of Microsoft Internet Security and Acceleration Server (ISA Server), Forefront Threat Management Gateway.
For more information visit the Microsoft Forefront Code Name “Stirling” web site.
Protect Your IT Network - USB Drives and Portable Devices
Data theft via portable devices has become increasingly easy using portable devices such as USB thumb drives, flash memory cards, infrared, and Bluetooth devices. This puts sensitive data such as Social Security numbers, customer and company information at risk. With increasingly larger storage capacities, within minutes an employee or unauthorized user can walk away with large amounts of your company data. These devices also represent a threat to your network by introducing viruses or other malicious code.
SanDisk recently warned that IT is unaware of how many employees bring personal USB flash drives into the workplace. Their study found that 77% of corporate employees surveyed admitted to using personal flash drives for work related purposes. IT departments estimated the number to be 33%.
Continue reading Protect Your IT Network - USB Drives and Portable Devices
Symantec Releases Security Threat Report
April 2008 marks Symantec’s release of their latest Global Internet Security Report covering trends for July 2007 to December 2007. It includes analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code. It also assesses trends in phishing and spam activity.
Continue reading Symantec Releases Security Threat Report
Detection and Prevention of Insider Threats
IT security and information risk management historically look for threats beyond the firewall. However increasingly threats to IT are coming from the inside.
A white paper produced by the Carnegie Mellon University CyLab examines patterns and trends of malicious insider activity and the best practices for the prevention and detection of insider threats.
Read the white paper here: Cert - Common Sense Guide to Prevention and Detection of Insider Threats in PDF format.
Intel Anti-Theft Technology for Notebooks
Intel announced today at the Intel Developer Forum in Shanghai an upcoming technology that will help address the issue of laptop theft. This is a major concern for companies with a mobile workforce. By nature the portability of laptops make them ideal targets for theft. News headlines of laptops containing sensitive information such as Social Security numbers and confidential company information being compromised from stolen laptops have become common. IT departments have been scrambling to lock down their company laptops and portable devices.
While current disk encryption technology allow you to encrypt the contents of a hard drive, Intel plans to further address the issue by rendering the entire laptop unusable should it fall into the wrong hands. Called Anti-Theft Technology (ATT) it appears it will render both the processor and the storage devices inaccessible.
