by Stefan Bernbo, Compuverde. As the data deluge continues on unabated, vertically scaling legacy approaches to storage are falling short. Organizations need to find a way to store high volumes of data without busting the budget, all while maintaining high levels of performance…
Among providers of disaster recovery as a service there is wide variance in experience and service quality, together with other key differentiating factors. Data center managers should use this Magic Quadrant to help them evaluate providers of DRaaS services.
with Ed Macnair, CEO, CensorNet. In this interview, Ed Macnair, CEO of CensorNet, speaks with IT Briefcase on how security technologies need to evolve to meet the challenge and opportunities of cloud computing.
This blog contains an eyewitness account we received from one of our U.S. bank customers following a security incident. Names and details have been withheld for confidentiality purposes.
Protecting data has become a priority for many organizations, but it’s becoming increasingly difficult for IT and data security departments to keep sensitive information from moving outside the network perimeter. This is due primarily to the proliferation of data-sharing tools, such as email, social media, mobile device access and cloud storage media. The reality is that the data security perimeter is forever changed as data is accessed and stored in multiple locations. With workers uploading data to a wide array of unsecured data sharing services, the people you have working inside your organization pose one of the biggest data security threats.
Software piracy continues to be a growing threat to software producers’ revenue and reputation as many have unknowingly left their products exposed, including market leaders like Microsoft®. How can you thwart digital theft? One of the most effective approaches is by leveraging the power of cloud licensing servers.
In a recent and highly publicized quarrel, Apple fought against the U.S. government’s request to create a workaround that would allow the FBI to break into an iPhone, essentially hacking into their own device. Without taking a deep dive into the implications of the situation, the FBI’s ability to work with a third party to crack that iPhone’s encryption gave many of us in the tech industry pause. At the same time, it proved a point that all of us who live, eat, and breathe security already know: no single security solution is infallible.
As I tour the world helping Active Directory administrators, auditors and security professionals secure their Windows environment, I often get questions about privileged access. The questions usually are about how privileges are granted and how an organization can know if its privileges are correct. These are great questions considering the onset of so many attacks on Windows in the past five to seven years. It is important to see that privileged access is usually at the core of these attacks.
Company boards now recognize the growing cyberthreat and the havoc data breaches can wreak. CISOs need to be ready to answer some fundamental questions as their role earns a bigger seat at the boardroom table.
Accepting a variety of payment forms — including credit and debit cards, and mobile and Web-based payments — is beneficial to all business owners. Not only does payment flexibility give customers the right to choose how to pay, based on the size and nature of their purchase, it can level the playing field between small business owners and well-established competitors.
In 2013, 7 percent of U.S. based organizations reported a loss of $1 million or more, while 19 percent of organizations in the U.S. reported a loss of $50,000 or more, all stemming from the mishandling of computer network information either intentionally by cyber criminals or inadvertently by unsuspecting employees. When this happens, IT security, managers and department staff are then left with the daunting task of locating the source of the problem, which is often time-consuming and costly, especially in instances where financial loss has occurred due to data breach or theft.
Mobile communication is playing a bigger role in modern businesses. However, many business owners are still coming to terms with this relatively new technology. Before you rush in and implement a new mobile business strategy, there are important factors you should consider first.
Cell phones are so much more than an easy way to keep in touch with loved ones. Smartphones are pocket-sized computers capable of everything from browsing the internet, to finding your location through GPS, and even helping you complete business-related tasks from a distance. Unfortunately, as convenient as the cell phone is, it’s also rife with possible security risks – particularly in regards to your personal data.
KnowBe4 cautioned companies to heed new FBI and Microsoft alerts, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization’s entire network. Criminal hackers have upped the ante. They are changing their approach: they penetrate a network, wipe out all backups, infect all key machines with ransomware and then demand payment. The latest method uses a little-known strain of ransomware called “Samas”, first discovered in 2014. According to research reports by Microsoft, the majority of infections thus far have been detected in North America, with a few instances in Europe.
The public’s perception of the Cloud seems to change constantly. In light of high-profile security breaches at Target (2013) and Home Depot (2014) and in the iCloud (2014), many users raised concerns about privacy and data security. Even with recent technological advances, thoughts on cloud security remain mixed. In fact, while 64 percent of medium and large enterprises believe cloud infrastructure is more secure than legacy systems, 31 percent also deem security the most prominent challenge they encountered in 2015, according to a study on the state of cloud security in the enterprise market.
Black Energy, a notorious malware that we have been researching lately, has once again become the subject of talk in the cyber world. This celebrity status is mainly due to its involvement in the recent cyberattack on Ukraine’s power industry, which left around 80,000 customers of the electricity company without power for several hours, two days before Christmas.
As soon as the global panic incited by the events of September 11, 2001 settled into public sector anti-terrorism initiatives, experts brought to light grave concerns about the security of the nation’s energy infrastructure. Even so, 15 years later, many energy organizations find themselves scrambling to meet the security measures set forth by NERC in their Critical Infrastructure Protection standards (CIP, Version 5). The new, much more comprehensive standards went into effect July 1, 2015, but the looming compliance deadline on July 1, 2016 is the real deal—an enforcement deadline that means auditors are on their way.
The downside of a website that contains and publishes all your hard-earned content is that it could get hacked. That doesn’t mean that websites developed on specific CMS platforms such as WordPress, Drupal, and Joomla are any more or any less safe than regular HTML.
Understanding new threats and new technologies is central to optimizing IT security. But with their bring-your-own-device habits, tendency to job-hop, and simple human fallibility, IT users are the leading cause of security incidents.
with Kong Yang, SolarWinds. In this interview, Kong Yang, Head Geek and technical product manager at SolarWinds, speaks with IT Briefcase on how hybrid environments are changing the role of the IT professional.
A common misperception about SSH user key management concerns the need to find and control all the private keys in an environment. The idea here is that, since private keys are like passwords, it’s possible to manage them using the same methods. Once all the private keys are well controlled, safety has been achieved. What may initially seem like common sense does not hold up under inspection.
The future, it seems, is one of connectivity — not only between people from across the globe thanks to things like social media and wireless technology, but between devices too. It’s no longer just our phones or computers that access the internet, but our light bulbs, coffee-machines, refrigerators, and microwaves. As a community, we’re welcoming the “Internet of Things” into our lives — encouraging a world of constant connection to each other, and the internet. As a result, estimates suggest that by 2020, the sum of IoT (Internet of Things) devices will reach 25 to 30 billion.
Governments, utilities and businesses from every sector are embracing the possibilities of the Internet of Things (IoT). This interconnected environment promises safer public parks, more efficient factories, better healthcare – imagination seems to be the only limit when it comes to applying the IoT to today’s needs. However, for the positive action of all these improvements to work and life, there is at least an equal negative reaction. Gartner analysts recently revealed that by 2020, firms will have increased annual security budgets by 20 percent (up from less than one percent in 2015) in order to address security compromises in the IoT.
Understanding open source vulnerabilities is a daunting challenge. Most companies do not have a good handle on where open source software is being used across their organizations. As a result, when vulnerabilities in open source (e.g., Heartbleed, Shellshock, Ghost, Freak and now DROWN) come to light, companies are not able to quickly assess their exposure and take action to remediate that exposure.
A majority of businesses are moving critical applications from physical personal computers to the virtual environment. A 2015 IT priorities survey confirms this: 76% of the IT decision makers surveyed indicated their preference for cloud-based productivity applications. About 57% stated they would roll out enterprise file sharing and syncing services on the cloud.
Mobile devices are quickly becoming the primary devices among enterprises. Their great user experience, increased computing capabilities, explosion of apps, and always-on connectivity, combined with agility, make them ideal replacements for PCs. Mobility these days is not just a tool giving employees access to email and a handful of corporate applications, but rather a tool to improve employee productivity and ease of working by giving them real-time connectivity to customers, partners, suppliers and workers.
by Fouad Khalil, SSH Communications Security. No matter what an enterprise’s major market is, it is probably subject to regulatory compliance requirements, such as PCI, SOX, FISMA and HIPAA. PCI requirements in particular demand a high level of auditability and controls.
Traditionally, information regarding health is closely guarded, available only to the immediate healthcare providers and patients involved. However, as electronic records become normal, and people allow health applications to track their fitness and everyday activities, the lines demarking what is Protected Health Information (PHI) and what isn’t are blurring. Essential, commonplace items like smartphones and office computers are playing a role in the unauthorized loss or disclosure of patients’ sensitive medical data. It’s important to make sure you and your practice are not at risk.
When it comes to dealing with data breaches, there is no one-size-fits-all guide. Every incident and organization is different. Even so, preparing for the inevitable breach is worth the time, effort, and expense given the millions of dollars a breach could cost an organization in terms of lost data, business, and reputation. This playbook is a starting point to help an organization’s board of directors create an action plan.
While technology has benefited retailers in many ways, it has also contributed to growing levels of fraud. Although EMV and other developments are helping to curb identity theft fraud and unauthorized transactions, “chargeback fraud” remains a major threat to eCommerce merchants. As the technology of electronic payment processing becomes nearly ubiquitous in the business world, online shopping is rapidly overtaking in-store sales for many items. But as with any fast-evolving system, scammers find loopholes that can eat deeply into profits.