Helping clients manage their technology for over 30 years.

IT Security in 2014: Challenges and More Challenges


Information technology has become a business essential. We’ve reached the point where our ability to thrive and succeed depends on key software apps and the technology (wherever it may be) that runs them, our access-from-anywhere to the Internet, and our ability to gather and analyze troves of digitized data.

The easiest targets
So important are these capabilities that we often put them into use before we’ve figured out the myriad of ways they’re vulnerable to those with malicious intent. And while smaller enterprises used to be able to escape the worst of these vulnerabilities simply by slipping beneath cybercriminals’ radar, those days are gone.

When It Comes to Security, Know Thyself

Data Security & Data Loss Prevention (DLP)

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begin flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what the actual cost of security failure might do to the organization?

98% of Apps are Insecure — Here’s How You Can Protect Yours


Sadly, one can make the argument that if software vendors did a better job of integrating security testing throughout the development lifecycle, our current struggles with application security might be less challenging.

In fact, however, software vendors are late to the party. Their security testing tends to be tacked on to the end of development lifecycles as an afterthought, which may account for one recent study’s startling conclusions that:

  • 98% of applications carry at least one application security risk (and each risk may signal the presence of multiple vulnerabilities)
  • 80% of applications showed more than five risks
  • The average application registered 22.4 risks


Application vulnerabilities: Closer than you think


Consider: Last year, according to Verizon, 54% of data breaches began as attacks on web applications, and for years one type of attack — SQL injection — has been the means by which 83% of stolen records were extracted. Meanwhile, says Gartner, 25% of all DDoS attacks this year will be application-based, and an increasing portion of these attacks may actually be diversions in which the bad guys use remotely accessible malware to target user accounts (for personal data or, in the case of financial institutions, for money).

Corporate data loss: How bad is it? (Part 1 of 2)


In the wrong hands, the sensitive data your business depends on becomes a weapon wielded against it. And it’s happening more often every day.

Reports of intellectual property theft and hacktivism abound, and 2011 has been widely described as “the year of the data breach.”

It’s not hard to see why.

In 2011 alone, according to the nonprofit Online Trust Alliance, 126 million data records were compromised in the United States.


Dangerously vulnerable: 3 quick (and scary) anecdotes

How secure are the data, applications, systems, and networks your business depends on? If you’re like too many of the executives I talk to, you may believe all is well — but only because you haven’t asked the right questions.

One executive told me recently, “We’re cool; we haven’t had to touch our firewalls in three years.”


Protecting the value of your business

I can’t emphasize this enough: All of the technology products and services an organization devotes to securing its data, applications, systems, and networks have but one aim — to protect the value of the business.

Conversely, every data breach reduces the value of the business — and there are more data breaches every year.

Beware the malware pandemic

About a year ago, a routine enterprise security analysis turned up 75 gigabytes of stolen data. Thus began the discovery of the ‘Kneber botnet’, which had hijacked 74,000 computers at more than 2,500 organizations around the world.

Operating undetected for a year, the Kneber botnet’s 74,000 ‘zombies’ stole 68,000 corporate logins to e-mail accounts, online banking accounts, and a variety of public email and social networking sites. It also grabbed nearly 2,000 SSL certificate files used to secure the likes of online banking transactions.
