Endpoint Security Info » IT security

Security is being held back by the lack of IT staff

Agent Smith — Fri, 10 Dec 2010 08:48:22 +0000

A recent survey by Forrester Research shows that the lack of qualified security staff is one of the main reasons IT managers cannot successfully secure the enterprise. Their survey of over 2,000 IT executives in the US, UK, Canada, France and Germany found that one of the key problems behind corporate IT security is getting qualified staff to do the job.Almost half of the It managers in the US and Europe are dealing with this issue.

“Security leaders feel that they simply don’t have enough staff to carry out day-to-day tactical activities while adjusting to major business and IT shifts and changing threats,” said Forrester principal analyst Khalid Kark.

According to the survey, the lack of funds is also an issue, as 29% of US companies and 23% of European companies have dealt with IT funds shortages. One in three US managers, as opposed to one in five European managers, reports that too much time is spent on day-to-day activities.

In Forrester’s Twelve recommendations for your 2011 security strategy , Kark states his belief that companies will face an inflection point next year when the number of PCs in a company will be surpassed by non computing devices for the first time.

He recommends encouraging more mobile devices up to a point, as they are often equipped with better security than older computers, and standardisation of policies around device capabilities and not around not brands.

A rise in cloud services is also predicted in Forrester’s report.

Cybersecurity certifications to be recommended by the White House

Agent Smith — Thu, 10 Jun 2010 19:08:46 +0000

While their cybersecurity czar plans have been delayed for so long we were all a bit tired for waiting, the White House approach to fighting cyber threats seems to have found a new focus these days: recommending training, exams and detailed certification requirements for cybersecurity professionals employed or contracted by the federal government. And this is going through the careful review of a commission whose main purpose is to advise the Obama administration on cybersecurity policy.

The Commission on Cybersecurity for the 44th Presidency, which in December 2008 issued its Securing Cyberspace for the 44th Presidency report to Congress, is currently working on a sequel to that report, due sometime in late June or early July. The commission, made up of a who’s who of experts and policy-makers, is debating strategies for building and developing a skilled cybersecurity workforce for the U.S., as well as issues surrounding an international cybersecurity strategy and online authentication.

Of course, the discussion got a bit stuck in the first part of the future report, the cybersecurity workforce. With no one knowing if the new certification recommendation will take into account existing certifications or not, with people in the commission and in the field of cybersecurity having different takes on the issues, and given the need to details qualification needed for each type of IT security pro, I assume it will take a while to get to a common decision on this one

According to Tom Kellermann, a member of the Commission and vice president of security awareness at Core Security Technologies, the federal government has bigger problems: an insufficient workforce that’s about to shrink some more if certifications become mandatory requirements:

“I would suggest that we need to increase our workforce, but not ostracize those that don’t have certifications to get them or lose their jobs. They should be grandfathered in,” Kellermann says.

Exploring a movie-like scenario, I have to wonder – If they ever want to cut a deal with a genius hacker and have him/her do some anti-hacking work for them, would they care if that person has the required certifications?

Security pros expected to be in high demand for hiring

Agent Smith — Wed, 02 Dec 2009 09:06:09 +0000

With chief information officers planning to increase hiring, even if just a bit, in the first quarter of 2010, who they are looking to hire is the next big question. And according to a recent survey, they are making the right choices, as security professionals are among their high priorities, together with networking and application development personnel.

Robert Half Technology interviewed 1400 US CIOs to reach their results, which predict a net 3% increase in IT hiring activity, spread across companies of all sizes in Q1 of 2010. The net increase was reached after putting together the 7% who expect additions to their staffs with the 4% that expect reductions.

The health services industry stands out as a bright spot in the hiring report, with 16% of health services CIOs planning to expand their IT departments and just 3% planning cutbacks. Many health services CIOs pointed to increased staff needs stemming from the development of enterprise-wide applications.

I wonder if the high IT pros demands of health companies have anything to do with all the security breaches and data loss or theft of the past year or so… I bet it does!

IDC: Most Insider Leaks are Accidents

Agent Smith — Thu, 03 Sep 2009 09:26:54 +0000

When it comes to security breaches leading to data loss, accidents caused by insiders are more frequent and generally do more damage than those caused by insiders with malicious intents, shoes a new study published by industry research firm IDC industry research firm and sponsored bu RSA.

According to a report, 52 % of respondents characterized their insider threat incidents as predominantly accidental, while only 19% believed the threats were deliberate. Another 26 % said their insider issues were an equal combination of accidental and malicious threats.

“One of the things that jumped out at us from the study was how many insider incidents are unintentional,” says Chris Young, senior vice president of RSA products, quoted by Dark Reading. “These are individual actors who often are just trying to do their jobs and don’t understand that what they are doing is dangerous.”

“Employers view their relationship with employees as one of trust and recognize their people are their biggest asset,” said Chris Christiansen, program vice president of security products at IDC. “But the vast nature of an organization’s infrastructure, coupled with a dispersed, often global, employee base and complex internal user mix of employees, consultants, partners, and outsourcers make addressing the risks posed by its internal users the biggest security challenge that CXOs currently face. Whether the risk is intentional or not, it’s there. It’s real.”

The study also showed that in the past 12 months the 400 respondents that took part in the study admitted to 6244 incidents of unintentional data loss, 5830 malware/spyware attacks from within the enterprise, and 5794 incidents of risks created by excessive privilege and access control rights. The total number of internal security incidents was of a whoooping 57485 issues for the year.

As a response to this huge number of security only 40% plan to invest more in their on better handling their internal security risks. We would have definitely expected a higher percentage, given said number of incidents!

Obama’s Cybersecurity plan, a resignation marathon

Agent Smith — Sat, 29 Aug 2009 07:34:16 +0000

The White House might have a bright, shiny plan for cybersecurity, but it seems unable to keep the security heads it needs to manage and further implement it. No less than the people holding key positions related to the USA’s cybersecurity have resigned in the past few months.

The trend was started in March by Rod Beckstrom, who at the time resigned from his position as head of the National Cybersecurity Center within the Department of Homeland Security. The said center coordinates the defense of civilian, military, and intelligence networks. The reason for Beckstrom’s resignation? As he stated in a letter quoted by the Register, the post was underfunded and unduly controlled by the National Security Agency.

The next person to announce their resignation was Obama’s top cybersecurity director, Melissa E. Hathway. What led to her decision was the long months of delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. As the Register points out, Hathway was one of the best candidates for the “cybersecurity czar” position. The czar would hold the authority for securing networks and infrastructure that serve US banks, hospitals and stock exchanges.

The third and most recent top cat in the US government to go is Mischel Kwon, the head of the US Department of Homeland Security’s Computer Emergency Readiness Team. Washington Post rumor has it that Kwon had grown frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission. And it seems people in her position don’t stick around for too long, she was the fourth US-CERT director in five years.

Hopefully, the critical cybersecurity plan will eventually be implemented, without any further delays and resignations. Let’s keep our fingers crossed!

How to control device use the easiest way possible?

Robert — Fri, 10 Jul 2009 09:54:36 +0000

Take it to the could. See how it works explaind in plain english.
Device Control and DLP taken to the cloud to help you reduce cost and deploy much faster.

Device Control and DLP can with My Endpoint Protector be deployed in minutes at a fraction of costs from other solutions.

CoSoSys Launches World’s First DLP and Endpoint Security SaaS Offering

Agent Smith — Tue, 30 Jun 2009 17:25:14 +0000

CoSoSys, a leading developer of endpoint security and portable storage device applications, has just released My Endpoint Protector (MyEPP), the first Software-as-a-Service (SaaS) application to deliver Data Loss Prevention and device control “in the cloud”. MyEPP will help companies manage the internal and external security threats created by the broad availability and use of portable data storage devices, while focusing on keeping the impact on IT resources at a minimum. The new web service uses a policy-based approach to enable businesses to manage how data can be used on all endpoints – Desktops, Laptops, Netbooks and more – from a single centralized web console, no matter where those endpoints are located.

Why should you consider a MyEPP subscription?

Your company will be able to minimize inside threats and prevend data loss and data theft
The cloud computing approach means you don’t have to worry about servers setup, installation or management
You can access the centralized web-based dashboard remotely, from any computer with and Internet connection and a web browser
Real time monitoring of all devices used by your employees
Create your own security policy without the need for additional hardware or software, without the need of having in house IT security experts
Enforce your policies easily through customizable templates
All for prices as low as $2 per PC per month

“Most businesses today are aware that they need to proactively protect both their own intellectual property and customer information held in trust on their systems,” said Roman Foeckl, CoSoSys CEO. “But the thought of having to hire dedicated staff or consultants to install, implement and manage this type of solution has prevented many from taking the steps needed to protect that data.

“My Endpoint Protector makes enterprise-level device control and security accessible to even the smallest organizations without the need for expensive additional equipment or staff. Whether employees work from home, on the road or from remote locations, the security of their desktops and laptops can easily be centrally managed through the cloud.”

If you need more reasons to act now, just go ahead and evaluate the costs of a real data breach!

For more details on MyEPP, click here.

The UK Applies the Centralised Cyber Security Idea

Agent Smith — Tue, 23 Jun 2009 15:20:51 +0000

It seems that the centrally managed cybersecurity plans are a catchy trend. Following White House announcement, the UK is planning to create a centrally managed cybersecurity agency. All the secret operations that are currently going down within the intelligence and security services – Ministry of Defence, Home Office, MI5, MI6 and GCHQ – will be centralized and handled by a separate institution.

The UK plan will be soon made public, sometime before the summer Parliament recess, according to the Register, and will be included in the government’s updated National Security Plan.

The idea of a cyber tsar role, initially launched by US President Barack Obama, might also be implemented by the EU.

“The European Commission is now encouraging member states to cooperate on digital wargames, to simulate attacks from outside the bloc. Commissioners have suggested a European cyber security tsar should be appointed.”

Employees Couldn’t Care Less about Data Security

Agent Smith — Tue, 16 Jun 2009 08:54:39 +0000

More and more employees chose to overlook data security policies put in place by the companies they work for and engage in activities that could easily lead to data breaches, according to the findings of a new Ponemon Institute survey. The risky activities include taking private records with them on unsecured storage devices, downloading personal software on company systems, turning off security settings and networking on social media sites.

Most members of a company’s staff copy classified data to USB drives or turn off security settings on their work laptops. Compared to the Institute’s 2007 findings, the numbers of those ignoring company policies has increased.

Here are some highlights of the survey findings, as presented by PC World:

69 percent of the 967 IT professionals surveyed copied confidential company data to USB sticks
those who lost said USB sticks with confidential corporate data on them failed to report it immediately
almost 31 percent of respondents engaged in social-networking practices on the Web from work PCs
around 53 percent said they downloaded personal software on corporate PCs

Obama’s Cybersecurity Plan and the IT Security Industry

Agent Smith — Fri, 05 Jun 2009 14:43:15 +0000

US President Barack Obama has recently announced a White House coordinated security plan against cyber threats and attacks. According to the New York times that discussed the presidential speech in detail, the new plan will be carried out without any intrusions in people’s privacy. Obama promised to bar the federal government from keeping a close and permanent watch over “private-sector networks” and internet traffic.

How exactly will the plan work and how will its goals be reached? This part is unclear. What we know is that the President will appoint a new “cybersecurity coordinator”, a person with direct access to Mr. Obama and who will hopefully manage to also mediate the dissensions between the several agencies dealing with cyberthreats at the moment, such as the Pentagon, the National Security Agency, or the Homeland Security Department. According to the same article in NYTimes, this coordinator will also act as “action officer” inside the White House during cyberattacks launched on the United States by both hackers or governments.

How does this new spotlight on cybersecurity affect companies? For a lot of US companies, it’s a dream come true, as they all hoped the President will do something about the growing number of attacks.

Many computer security executives had been hoping that Mr. Obama’s announcement would represent a turning point in the nation’s unsuccessful effort to turn back a growing cybercrime epidemic. On Friday, several said that while the president’s attention sounded promising, much would depend on whom he chose to fill the role.

What I think is important to note is that the Obama announcement comes after a major shrink in IT security budgets (caused by the economic downturn), when thinks are starting to look brighter. Mixed with the major security threats and data loss cases that storm in virtual and pring newspaper and magazine pages, it will all lead to an investment increase when it comes to effective security. Which will benefit both security solution developers and companies who will no longer be exposed to significant financial losses.

Another interesting aspect of the Obama speech was his revealing information on the cyberattacks his staff had to deal with during the presidential campaign. He spoke of hackers who managed to get access to emails and campaign files, such as position papers and travel plans. The White House has finally reached a conclusion all security experts have known for quite some time, very articulately put by the US President:

“in this information age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”

Endpoint Security Info » IT security

Security is being held back by the lack of IT staff

Related Posts:

Cybersecurity certifications to be recommended by the White House

Related Posts:

Security pros expected to be in high demand for hiring

Related Posts:

IDC: Most Insider Leaks are Accidents

Related Posts:

Obama’s Cybersecurity plan, a resignation marathon

Related Posts:

How to control device use the easiest way possible?

Related Posts:

CoSoSys Launches World’s First DLP and Endpoint Security SaaS Offering

Related Posts:

The UK Applies the Centralised Cyber Security Idea

Related Posts:

Employees Couldn’t Care Less about Data Security

Related Posts:

Obama’s Cybersecurity Plan and the IT Security Industry

Related Posts: