Will it be the total surveillance society and internet licenses? A breakdown of authority, with e-militias fighting extreme anarcho-hactivists? Or one of the other two?
Even the most security diligent organisations are realising that breaches are no longer a question of ‘if’ but a question of ‘when.’ Yet many organisations still do not factor the inevitability of compromises into their overall defense strategy, instead focusing on controls to keep every conceivable type of threat at bay. However, the ability to use controls to close every gap attackers can find and reduce the surface area of attack to zero is fundamentally flawed.
The surge in mobile computing and BYOD (bring your own device) initiatives is translating to higher productivity and job satisfaction for your workforce—but it’s also creating alluring new opportunities for cybercriminals.
Unfortunately, bring your own device is still being debated in some organisations that are coming to grips with the shifting enterprise IT landscape and their own cost, risk and compliance environments.
2012 has been a tough year for IT security and the trend seems to be continuing into 2013. We have now become accustomed to groups such as Anonymous that have wreaked havoc on a number of large government and corporate organisations. A new frontier in cyber threats has opened. The driver for cyber intrusion is no longer fame, but theft of intellectual property, financial information, blueprints and other classified information for financial gain.
A marathon hack event held over a June weekend in Melbourne attracted more than 50 developers and designers, and a dozen subject matter and technical experts to ‘hack for humanity’. They volunteered their time to create open source solutions for communities impacted by natural disasters and climate change. These prototypes are available to assist in disaster relief planning, emergency management and community recovery.
No matter what type of organisation you work for, it’s hard to escape the cloud computing discussion. Cloud computing offers unparalleled advantages in terms of scalability and cost benefits, and there is no denying that it has changed the very nature of IT and the way use technology in business.
Today, CIOs are investing considerable resources in systems that provide them with better visibility into, and realtime reporting on, exactly what is happening on their IT systems.
There’s a lot of talk in the security industry and among organisations about the threats we face – malware, advanced persistent threats, zero-days, targeted attacks, viruses, Trojans, distributed denial of service attacks, worms, phishing...the list goes on and on. But no matter how you parse it, it all comes down to threats. More specifically, two fundamental types of threats: known and unknown.
Sometimes the most valuable sources of information are not what you might expect.
The attractiveness of adopting cloud services continues to grow. Who can argue against access to the latest technologies, a pay as you go model, rapid provisioning/de-provisioning and on demand scaling? All of these benefits lead to improved agility, faster time to market and a business focus on the business (not managing IT). Many of the risks of cloud computing have become less frightening as organisations have become more comfortable with data sovereignty and availability issues.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.