The week in security: When corporate 'security' just isn't

Following on from the hack of analyst firm Stratfor in December, Wikileaks has published more than five million emails from the group, painting in stark clarity just what can happen if you don't take your security seriously enough. And while CIOs should consider their risk culture and are expected to boost security spending in 2012, it's crucial to make sure your company's site is secure before you try to implement anti-distributed denial of service (DDoS) systems, one group warned.

Also feeling the pain of overexposure is Carrier IQ, which was embroiled in scandal when its mobile-snooping software was called out but now hopes the value of its data will bring customers back. And Fixmo, which specialises in high-security applications, has designed software that can turn off applications running on compromised iOS- and Android-based mobile devices. On a similar note, the US FCC has floated the question of whether it's ever appropriate to shut down an entire mobile network to ensure public safety.

Reflecting the growing awareness of mobile security issues and the need for a "new privacy", the Cloud Security Alliance launched an innovation program designed to spur collaborative thinking around improving mobile security. They'd better think fast, because malware authors of Lulzsec and myriad others are getting smarter every day as they figure out new ways to avoid detection. They're also using DNS as a command-and-control channel to sneak past corporate security protections.

Mobile security was one of many themes at the RSA 2012 conference, where security bods variously argued for better cloud security, debuted an initiative by Good Technology to bring RSA SecurID functionality to smartphones, and warned that information security is a fast track to career stress and burnout.

No wonder, what with constant new hacks causing headaches; Microsoft was certainly feeling that way after its Indian operation warned customer credit card details may have been compromised after its online store was recently hacked. Some argue that legal liability is the only way to convince companies to secure themselves, whilst others continue to put their money on the security market's continuous evolution.

Mobile peak body the GSMA published a set of guidelines for giving users more control over how users access their information – information that could, if new legislation isn't stopped, be stored and analysed by ISPs in an effort to fight child pornography.

As if that weren't enough, the US government saw a new cybersecurity bill introduced. And other legislation may be sliding into place in the European Union, which (like the government of Japan) warned Google's new privacy policy breaches European privacy laws and may, in separate news, criminalise the process of "probing" a website to determine if it has vulnerabilities.

This could be particularly contentious given the corporate world's push to invest in "big data" systems that offer great business rewards but come with high risks as they become targets for data-minded hackers and social engineers. Worryingly, new statistics suggested that more than half of organisations take "months or years" to even notice they've been hacked; imagine how much damage can be done in that time and you've got an idea why the hackers seem to be doing very well for themselves of late. That's because they are.


Stories by David Braue
