Endpoint Security: Playing it smart
There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.
But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.
Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.
Why cutting off USB ports is not a smart security solution
The USB ports leading to the computers in your network are somewhat of a hell hole, opening up the way to scary security breaches. It all comes down to the use of portable devices that can store large amounts of data that employees and visitors carry around, plug in and use, regardless of all the security red alerts popping up each step of the way.
But completely cutting access to USB ports, although still used, is not a smart move if you’re trying to protect your data against accidental loss or theft. Lawsuits, fines and seeing your customers drop like flies are all scary scenarios, but fear should never prevent you from playing it smart. Read more
Security software sales powered by the free offerings
When it comes to security, nothing seems better when it comes to marketing your product than having a free version to offer. Especially when you’re not the major market share holder, giving products away works miracles. At least that is the hypothesis of a recent DarkReading article.
But is this a new approach? Not exactly. From home user solutions to enterprise class security software, the smartest of the pack have a free version.
And why does this work? Simple. Why trust a sales pitch and a nicely designed demo when you can just download and install the product, test it, see how it works with your current infrastructure, then decide to buy. From one month demos to free, limited editions, this is the miracle of free: real results, real tests, no post-demo surprises.
Check out the success stories on DarkReading for more expamples of how free works in the security field.
IDC: Most Insider Leaks are Accidents
When it comes to security breaches leading to data loss, accidents caused by insiders are more frequent and generally do more damage than those caused by insiders with malicious intents, shoes a new study published by industry research firm IDC industry research firm and sponsored bu RSA.
According to a report, 52 % of respondents characterized their insider threat incidents as predominantly accidental, while only 19% believed the threats were deliberate. Another 26 % said their insider issues were an equal combination of accidental and malicious threats.
“One of the things that jumped out at us from the study was how many insider incidents are unintentional,” says Chris Young, senior vice president of RSA products, quoted by Dark Reading. “These are individual actors who often are just trying to do their jobs and don’t understand that what they are doing is dangerous.” Read more
Obama’s Cybersecurity plan, a resignation marathon
The White House might have a bright, shiny plan for cybersecurity, but it seems unable to keep the security heads it needs to manage and further implement it. No less than the people holding key positions related to the USA’s cybersecurity have resigned in the past few months.
The trend was started in March by Rod Beckstrom, who at the time resigned from his position as head of the National Cybersecurity Center within the Department of Homeland Security. The said center coordinates the defense of civilian, military, and intelligence networks. The reason for Beckstrom’s resignation? As he stated in a letter quoted by the Register, the post was underfunded and unduly controlled by the National Security Agency.
The next person to announce their resignation was Obama’s top cybersecurity director, Melissa E. Hathway. What led to her decision was the long months of delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. As the Register points out, Hathway was one of the best candidates for the “cybersecurity czar” position. The czar would hold the authority for securing networks and infrastructure that serve US banks, hospitals and stock exchanges.
The third and most recent top cat in the US government to go is Mischel Kwon, the head of the US Department of Homeland Security’s Computer Emergency Readiness Team. Washington Post rumor has it that Kwon had grown frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission. And it seems people in her position don’t stick around for too long, she was the fourth US-CERT director in five years.
Hopefully, the critical cybersecurity plan will eventually be implemented, without any further delays and resignations. Let’s keep our fingers crossed!
