The combination of bring your own device (BYOD) plans and social media is creating a “fantastic avenue” for undermining corporate security, a Frost & Sullivan analyst warned at the Evolve 2013 security conference in Sydney. Also there, VMware was talking up the potential for software defined data centres to improve IT security, while Trend Micro was promoting its Deep Discovery environment to Australian customers.
Also sharing was the head of the NAB’s IT security, who advised that banks need to innovate their way around IT-security hurdles posed by ever-tighter regulation. This, in the face of an escalating wave of cyberattacks against financial-services targets so bad that the FBI is even warning banks about it – as is a Russian security team, which has found a cyberfraud operation targeting Australian bank customers.
A high-profile California lawsuit alleging that a Delta Air Lines app failed to preserve customer policy was dismissed in a blow for those pushing for better privacy controls on mobile apps. For its part, mobile security vendor Lookout is suing Google, alleging that it has been allowing Android app vendors to illegally collect user data.
Russia took a big step towards adopting international privacy norms by signing the Convention 108 privacy pact, although the move’s efficacy may be limited in an international climate where a booming mobile industry is mobilising global criminals faster than ever. Even viruses are making a comeback; little wonder that firms such as Brisbane lawyers Cooper Grace Ward are turning to the added security that virtualisation provides.
The fight against hackers may have claimed some LulzSec scalps and seen arrests of Anonymous members in Italy, but other hackers have ever more resilient botnets; have released yet more Mac spyware; and continue their assault on online gaming company SG Interactive, which suffers constant DDoS attacks and has seen an appropriate defence as critical to business continuity.
Identity and access management (IAM) is a crucial tool for closing security holes in corporate infrastructure and can also, by enabling single sign-on capabilities, save money. Intel-owned McAfee has taken a different tack by adding biometric authentication to cloud storage in a fresh look at consumer security. Microsoft committed to international secure software-development standards, while Adobe released critical security updates for several key products. Microsoft also rushed an Internet Explorer 8 patch to market even as the latest version of the browser, IE10, was rated the best for privacy protection compared with Chrome or Firefox.
Even as some hackers do the polite thing and call ahead before sending a malware-laden email, police notched up a few scalps after jailing a phishing gang that stole a British woman’s £1 million (A$1.54 million) life savings and spent it on frivolities including “gold and cheeseburgers”. This sort of activity, apparently, is more appealing to hackers than health-care data which, reports suggest, is being plundered less and less thanks to tougher enforcement.
Somewhat safer than buying into phishing attacks is outsourcing business processes to Chinese companies – which, one Chinese IT outsourcer was at great pains to argue, still remains a safe choice for Western companies despite US accusations to the contrary.
Yet all isn’t necessarily hunky-dory, with companies and government bodies unprepared for surges in cyber-sabotage that are supposed to be targeted by new US legislation. Experts were debating plans for sharing vulnerability information, while the Department of Homeland Security was warning that American critical cyber-defences are weak. Australia’s government isn’t doing as much as it could, either, with the new 2013-14 federal budget showing little new funding for cyber-security initiatives.