A recently published study shows that database administrators don’t fully understand security. According to these fresh findings, database administrators and IT decision-makers in general admit to knowing very little about security issues like change control, patch management, auditing, etc. The survey was conducted among 214 Sybase administrators belonging to the International Sybase User Group.
“A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information,” the survey report stated. “Only one out of five take proactive measures to mask or shield this data from prying eyes.”
According to the report’s author, Unisphere Research analyst Joe McKendrick, the ISUG survey is the first released in a series of similar database security surveys being conducted across various database user groups, including those running other platforms such as Oracle and SQL Server.
According to Verizon’s DBIR (Data Breach Investigations Report) issued this year, the number of data breaches in recent years has fallen significantly, but there is still reason to remain vigilant. The numbers show a decrease from 144 million compromised records in 2009 to 4 million compromised records in 2010. The progress is even more significant compared with 2008, when 361 million records were compromised.
This study was conducted by Verizon along with the U.S. Secret Service (USSS) and the Dutch High Tech Crime Unit (NHTCU).
“With the addition of Verizon’s 2010 caseload and data contributed from the USSS and NHTCU, the DBIR series now spans 7 years, 1,700-plus breaches, and over 900 million compromised records,” said a post to the Verizon Business Security Blog that accompanied the report.
The UK government decided to invest £63 million in fighting cyber crime over the next four years. This is part of the £650 million in funding allotted to national cyber security, according to recent reports. Home Secretary Theresa May revealed the amount at an informal meeting with the interior ministers of France, Germany, Italy, Poland and Spain, said a report on eGov monitor.
The Strategic Defence and Security Review last October marked the point when the UK government first stated its intention to get tough on cyber crime. Downing Street pledged a further £500 million to a national cyber security program despite having decided to cut budgets in other areas.
After a very successful year 2010 and many product launches and recognitions, CoSoSys announced it had been acquired by leading European Unified Threat Management vendor Astaro. Astaro plans to take over and keep both the product range of the Romanian company and its team.
The two companies will continue to develop CoSoSys’ existing range of endpoint and mobile data security solutions, and will also collaborate on integrating CoSoSys’ device control, data loss prevention and endpoint security solution into Astaro’s Unified Threat Management solution, the Astaro Security Gateway, and on providing a level of overall security beyond any solution currently on the market.
A recent survey by Forrester Research shows that the lack of qualified security staff is one of the main reasons IT managers cannot successfully secure the enterprise. Their survey of over 2,000 IT executives in the US, UK, Canada, France and Germany found that one of the key problems behind corporate IT security is getting qualified staff to do the job. Almost half of the IT managers in the US and Europe are dealing with this issue.
“Security leaders feel that they simply don’t have enough staff to carry out day-to-day tactical activities while adjusting to major business and IT shifts and changing threats,” said Forrester principal analyst Khalid Kark.
Employee-perpetrated fraud cost the average company about 5% of its revenue in 2009, with the stealing of company sources representing up to 90% of the incidents. Employees tend to be tempted by privileged access to data and commit fraud. According to a report published by the Association of Certified Fraud Examiners (ACFE), this type of fraud is the most damaging, causing a loss of over $4 million.
“They have a high level of access, which gives them a greater opportunity to commit fraud,” Ben Knieff, director of product marketing for fraud products at Actimize, said.
To prevent such fraud, there are a few proactive steps a company can take.
Last week, a worm called “Here you have” started spreading. Among the first targeted companies was Intel. The damage was minor, in part because of the company’s traditional defenses, but mainly because of well-trained employees. Malcolm Harkins, chief information security officer at Intel, said that the employees started calling IT as soon as they saw the worm.
“The employee base saw it, they reacted really quickly, and helped us contain it by alerting us to it and then telling others not to click on it,” Harkins says.
Because mobile devices now allow more and more people to work from virtually anywhere, companies need to start treating their employees as security partners.
Tired of being the main target of cybercriminals and other mean characters of the virtual world, SMBs are reconsidering their stance on security and starting to seriously apply it to their corporate infrastructures. These are the findings of a new survey conducted by Applied Research and published by Symantec. The new report shows that SMBs’ views have drastically changed over the past year, leading to more spending on IT security and giving security policies a higher priority.
“Last year when we conducted this survey, a lot of SMBs were very confident in their security posture, but they weren’t always clear on the threat,” says Monica Girolami, senior product marketing manager at Symantec, who worked with Applied Research on the study. “This year they realize that they have gaps in their security stance, and they’re getting more serious — in fact, they rated data loss and cyberattacks as their top risks, even above natural disasters.”
When it comes to high-level executives, the rules of the game often change. They are used to asking for exceptions to be made for them, backdoors to be opened and a whole different set of rules to be applied. This is what turns them into one of the biggest threats to corporate security.
According to Jayson Street, CIO and managing partner of Stratagem 1 Solutions, senior executives often circumvent security rules and policies to suit their needs and whims at the expense of security. The negative effect is that the special treatment enables cybercriminals to easily gain access to corporate networks by impersonating management personnel. Because of their system privileges and access rights, senior executives become ideal targets for all those wanting to hack into corporate networks.
There has been so much news lately about stolen hardware with important data, server hacks, and security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.
But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose of security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras: you should use them all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting. The idea is to know what threats they pose and how to prevent them.
Security experts tend to concentrate on everything bad that’s happening. The reason is simple: if companies and individuals don’t fear the consequences, they tend to ignore the risks. The ever-present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.