The week in security: Mobiles exposed as skills deficit hobbles security intelligence

Businesses are accumulating data faster than they can accumulate people to analyse it, one consultant has pointed out, as data-intensive security proves both more promising and more problematic than ever. Some organisations are making ground by improving their security posture, but a surprising number still don't see security as being a continuous process – although they may change their tune if the US Department of Homeland Security puts teeth behind claims that corporate boards of directors should be more involved in cybersecurity efforts.

One organisation that knows all about security as a continuous process is Melbourne and Olympic Parks, which has turned to next-generation firewalls to maintain strict network separation between crews handling different events at its major Melbourne venues. Yet it is airport tickets, not concert tickets, that are the most popular purchase for credit-card scammers, according to figures from security firm RSA.

Firefox has added application-reputation capabilities mirroring those already in Google Chrome, although there's no telling whether it will block the type of problems befalling consumers who have clicked on links hoping to score some free movie downloads – but gotten malware instead. And if you think that's bad, a new vulnerability discovered in Android mobile software is said to allow malware to hijack installed apps, their data, and even the entire device. Given that mobile-loving Aussies are also proving to be open targets for Koler malware, things aren't looking great in the mobile security arena.

Gartner was warning against hysteria about the location of data, while there was less certainty about whether hysteria is warranted when it comes to the new 'bring your own identity' trend by which users authenticate themselves with social-media credentials. That may sound like a good idea to some, but privacy groups are warning Facebook off gathering users' Internet browsing patterns, and there are warnings suggesting it may be a bad idea to use Instagram on public Wi-Fi.

Amazon suffered the ignominy of having hackers install DDoS malware on its platform after they exploited a vulnerability in distributed search engine Elasticsearch. It's yet another example of how a security chain is only as strong as its weakest link, as many organisations are finding out when other members of their supply chains turn out to be less secure than they should be.

As many continue to underestimate the importance of physical access control in developing IT-security strategies, others in the utilities industry are underestimating the importance of IT security altogether, if figures from Ponemon Institute are anything to go by.

Even Symantec may be guilty, if a penetration-testing company proves correct in its claims that Symantec Endpoint Protection has its own zero-day flaws. Such vulnerabilities are a reminder of how every company needs to remain vigilant in looking out for cyberthreats; US university Georgia Tech, for one, launched an early warning system designed to increase the awareness of new threats.
