The week in security: Breach cost rises as data security flags

Australian companies last year, figures suggest, while research suggested data breaches were costing 9 per cent more in 2013 than the year before – and many expect that to increase as the threat scenarios continue to get worse. Hackers are, for example, engaging in 'offensive forensics' to capture non-static data that may inform further attacks, even as figures suggest enterprise networks are already being hit by 'unknown malware' 53 times a day on average. To make matters worse, DDoS attacks are increasingly being used as diversions for bigger attacks even as the Internet becomes the main channel for economic crime.

Google was playing with something it hopes might make browsing safer, with a new feature aiming to improve privacy by bypassing the need for Web addresses altogether – although some said the feature actually had the opposite effect. Yet the Web giant wasn't the only one considering how to improve security: a group of privacy and digital rights advocates was arguing that Web users should take new steps to avoid US NSA surveillance. They might start with the likes of the Electronic Frontier Foundation's new Privacy Badger add-on, designed to stop the likes of Yahoo and its decision to drop its 'Do Not Track' policy.

Developers were downplaying hacker claims that they had found a critical flaw in OpenSSH, but Dropbox wasn't arguing the details as it worked to fix a bug that exposed user documents. URL-shortening giant was also compromised, urging users to change their passwords.

Such issues will become even bigger, Gartner warns, as the Internet of Things adds to the security threat and the risks of excessive interdependence rear their ugly heads. Yet even with new threats materialising all the time and trends like virtualization changing network topographies, one security provider was arguing that the network perimeter is still important. Others argue that open collaboration is as important to minimising security threats as any individual technology.

Mobile apps were being installed in secure 'sandboxes' on tablets faster than on smartphones, according to Good Technology figures. Yet even as Microsoft reported that malware rates had tripled – prompting some to launch a counterattack – and Android joined the ranks of the platforms suffering from police ransomware, there were suggestions that mobile malware has become a primary conduit for phishing scams.

BYOD policies continued to flummox many CSOs, with some worried that protection becomes harder in university environments designed for openness, whilst others were considering how to attract more women to information-security jobs. Yet the issue isn't only the lack of candidates, peak body ISACA warns, but the willingness of companies to invest in them.

Even as it declared antivirus to be dead, Symantec announced plans to partner with service providers to deliver protection against zero-day and other attacks, while IBM launched a suite of security tools and services that may have a built-in audience as it came at the same time that Target rid itself of the CEO that presided over that retailer's disastrous data breach. Turns out job security is yet another potential casualty of poor information protection.

Stories by David Braue