The week in security: New perimeters fighting breaches as old ones fall

The first week of National Cyber Security Awareness couldn't have been more timely, with two major-retailer hacks and a host of revelations confirming that cybersecurity issues are only continuing to get worse.

Microsoft was defending its Outlook Web Access against claims it can be exploited to reveal an organisation's user credentials. Also on the Microsoft front, some vendors are pointing out that endpoint protection tools can be used to effectively extend the usable life of legacy Windows XP and Server 2003 installations by building a layer of protection around platforms that are no longer being actively supported.

Speaking of no longer being actively supported, security researchers were pushing for the SHA-1 hashing algorithm – used to sign 1 in 3 SSL certificates – to be urgently retired after funding it can be attacked for just $US75,000.

The average mid-sized US company spends $US15m annually to fight cybercrime, new figures suggest. And sometimes the problems come in the most unexpected places, such as a ransomware network that Cisco Systems reportedly interrupted while doing research at a Dallas hosting provider. Hackers using a Linux cloak, the company said, are earning $US30m a year.

Dealing with the latest security threats can be tricky, and many organisations are responding by finding ways to limit employee access to particular resources. But some people argue that employee productivity is at stake and that the best approach is to make resources available by default unless there's a good reason not to.

That could, however, cause problems for the quarter of companies that can't tell how hackers get into their networks – a worrying statistic made even more so by the fact that many of those breaches will likely be attributable to mobile devices (often used as conduits for shadow-IT SaaS usage, increasingly targeted by smart detection solutions).

Indeed, Android security was once again under the spotlight as Stagefright 2.0 emerged and HTC said that it can't commit to monthly updates because of the complexities of dealing with carriers. That's not going to be reassuring given new research suggesting 87 percent of Android devices aren't up to scratch and most are patched only once a year.

Those are worrying statistics and reflect Android's contrast with iOS, where Apple pulled in-app ad blockers for security reasons and concerns that apps could spy on users' data traffic.


Want to know more?

Why not become a CSO member and subscribe to CSO's mailing list.

Get newsletters, updates, events and more right here.


Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Microsoftcybersecuritybreachesweek in securityCSO AustraliaSHA-1Outlook Web AccessUS companyNational Cyber Security Awareness

More about AppleCiscoCSOHTCLinuxMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts