The week in security: Breach cost rises as data security flags

Australian companies last year, figures suggest, while research suggested data breaches were costing 9 per cent more in 2013 than the year before – and many expect that to increase as the threat scenarios continue to get worse. Hackers are, for example, engaging in 'offensive forensics' to capture non-static data that may inform further attacks, even as figures suggest enterprise networks are already being hit by 'unknown malware' 53 times a day on average. To make matters worse, DDoS attacks are increasingly being used as diversions for bigger attacks even as the Internet becomes the main channel for economic crime.

Google was playing with something it hopes might make browsing safer, with a new feature aiming to improve privacy by bypassing the need for Web addresses altogether – although some said the feature actually had the opposite effect. Yet the Web giant wasn't the only one considering how to improve security: a group of privacy and digital rights advocates was arguing that Web users should take new steps to avoid US NSA surveillance. They might start with the likes of the Electronic Frontier Foundation's new Privacy Badger add-on, designed to stop the likes of Yahoo and its decision to drop its 'Do Not Track' policy.

Developers were downplaying hacker claims that they had found a critical flaw in OpenSSH, but Dropbox wasn't arguing the details as it worked to fix a bug that exposed user documents. URL-shortening giant was also compromised, urging users to change their passwords.

Such issues will become even bigger, Gartner warns, as the Internet of Things adds to the security threat and the risks of excessive interdependence rear their ugly heads. Yet even with new threats materialising all the time and trends like virtualization changing network topographies, one security provider was arguing that the network perimeter is still important. Others argue that open collaboration is as important to minimising security threats as any individual technology.

Mobile apps were being installed in secure 'sandboxes' on tablets faster than on smartphones, according to Good Technology figures. Yet even as Microsoft reported that malware rates had tripled (prompting some to launch a counterattack) and Android joined the ranks of the platforms suffering from police ransomware, there were suggestions that mobile malware has become a primary conduit for phishing scams.

BYOD policies continued to flummox many CSOs, with some worried that protection becomes harder in university environments designed for openness, whilst others were considering how to attract more women to information-security jobs. Yet the issue isn't only the lack of candidates, peak body ISACA warns, but the willingness of companies to invest in them.

Even as it declared antivirus to be dead, Symantec announced plans to partner with service providers to deliver protection against zero-day and other attacks, while IBM launched a suite of security tools and services that may have a built-in audience, as the launch came at the same time that Target rid itself of the CEO who presided over that retailer's disastrous data breach. Turns out job security is yet another potential casualty of poor information protection.

Stories by David Braue
