The week in security: Budget flags encryption troubles, cross-government IAM

Call it CSO's regret: four out of five companies that have suffered an IT security breach wish they had done more to prevent it and just 1 in 3 believe they have a strong enough security defence, according to new research.

The government appears to be among them, with the new Budget 2015 revealing that ASIO is worried about the use of encryption to avoid its gaze and that the Digital Transformation Office (DTO) will commit $33.3 million to build a cross-government identity management system.

Mass data collection was under the microscope as the US House of Representatives voted to narrow the NSA's phone records collection program. Critics called the changes “fake reform”.

Data-centre security has long revolved around managing user access privileges, but similar discipline is also needed for internal security measures. Particularly as new PCI DSS and other compliance requirements come on board, it's an important part of ensuring compliance in the cloud, as are new platforms such as a cloud-based document protection service from startup Ionic Security.

The release of new malware that runs on graphics processing units (GPUs) heralded new threats for Windows users, and a Mac version is reportedly in the works. Other new high-profile malware included a ransomware strain that drew on the TV show Breaking Bad for aesthetic inspiration, an unusual WordPress attack that steals login credentials, and a DDoS botnet built using tens of thousands of home routers.

Ransomware has become so much of an issue that one security executive suggests evaluating security tools foremost on their ability to detect the problematic code. This is particularly important now that bots outnumber humans – accounting for 59 percent of all site visits, by one count. Things are only likely to get worse as millions of non-human devices come online into an Internet of Things (IoT) that will require fresh approaches to security.

With malware proving so nimble, it's important to consider new ways of keeping up with the threat. Microsoft is also working to keep up, designing its new Edge browser in a way that the company says will be much harder to hack than previous browsers were. And one group of researchers designed a password manager that uses fake vaults full of convincing decoy passwords to confuse attackers.

Also from the fight-fire-with-fire files, a team of Israeli researchers have developed software that detects fake mobile and WiFi networks. Another software tool shows users when they're sending unencrypted data from their mobiles. It's all part of a learning process that often takes the biggest steps forward based on free and cheap IT security tips.

Even as Google tightened restrictions on Chrome extensions and revamped its Gmail logins to boost security, Adobe plugged numerous months-old flaws in its Reader and Acrobat products, while Microsoft fixed 46 bugs across numerous key products. Yet new vulnerabilities continue to pop up just as quickly, with a significant virtual-machine flaw discovered to have been hiding in floppy disk code for 11 years and another virtual-machine vulnerability poised to impact data centres and business systems.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
