Top 12 IT Security Stories of 2012

1. 6 Ways to Defend Against Drive-by Downloads

Cybercriminals are increasingly using drive-by downloads to distribute malware without end users knowing something bad has just landed on their machine--until it's too late. Here are six ways IT departments can protect end users from the productivity sink and potential data loss that drive-by downloads create.

2. How to Tell If an Email Is a Phishing Scam

As email phishing operations have grown more sophisticated and convincing, it's harder for even savvy corporate email users to determine whether an email is authentic or fake. Here, presents an example of a particularly convincing phishing email. We asked, Daniel Peck, a research scientist with email security company Barracuda Networks, to offer tips on how to spot a scam.

3. Are You at Risk? What Cybercriminals Do With Your Personal Data

When hackers attack a company's systems and steal your personal data, what risk does that pose to you and other victims? How much is your name and email address worth to cybercriminals anyway? To find out what's really at stake, asked security experts six key questions about data security breaches.

4. 4 Ways to Prevent Domain Name Hijacking

A company's domain name is one of its most valuable assets, yet businesses do little to protect them from being hijacked. As DNS hijacking becomes more prevalent, IT leaders need to understand how they can protect their companies from the damages domain hijacking wreaks. Here are four tips.

5. How to Build Multiple Layers of Security for Your Small Business

The complex and ever-changing security landscape can befuddle small businesses, and the plain truth is that there is no silver security bullet. Small businesses would be well-advised to deploy a multi-faceted security strategy. Here are eight must-have checklist items.

6. How to Prevent Thumb Drive Security Disasters

Small USB flash drives can cause big security headaches. Learn how four very different organizations have managed to balance the need to allow employees to transfer files for legitimate business purposes with the need to prevent data leaks.

7. How to Secure Data by Addressing the Human Element

Your sensitive data is only as secure as the weakest link in your organization, and in many cases the weak link is your employees. A properly established security awareness and training program can pay huge dividends.

8. Will Tech Industry Ever Fix Passwords?

What LinkedIn and other recent breaches tell us about widespread security risks as we embrace social media and cloud applications in the enterprise.

9. Facebook Timeline Scams Prey on Wishful Thinking

If you're not a fan of the new Facebook Timeline design, beware of bogus Facebook groups and pages promising a return to the old design.

10. Mobile Malware: Beware Drive-by Downloads on Your Smartphone

Drive-by downloads are coming to your smartphone, and they're harder to detect than traditional PC-based versions. Here's how you can protect yourself, your users and your enterprise from mobile drive-by downloads.

11. How to Secure Sensitive Files and Documents

Much of an organization's most sensitive information resides in unstructured files and documents that are commonly subject to data loss and leakage--especially in today's mobile, Web-based world. IT pros must develop an approach to securing these documents that gives the business the control it needs without stymying employees' productivity.

12. How to Defend Against Malnets

The number of malnets has jumped 300 percent in the past six months, according to security firm Blue Coat Systems. While they are nearly impossible to kill, there are steps you can take to protect your organization.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for Follow Thor on Twitter @ThorOlavsrud. Follow everything from on Twitter @CIOonline and on Facebook. Email Thor at

Read more about security in CIO's Security Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags MDMBarracuda NetworksMobile device managementsecurityDrive-by DownloadsscamsTechnology Topicscybercriminalsphishingsocial engineeringTechnology Topics | Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Thor Olavsrud

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts