EMC Voice just posted a report that experienced IT security people like me know: antivirus software is not enough to prevent advanced persistent threats.
“The attackers today are creating malware faster than the anti-malware software vendors can produce anti-malware definitions,” said Leonard Jacobs, president/CEO of security company Netsecuris Inc."
But, wait, there's more. Most of this pertains to antivirus software that every personal computer should have running consistently. This is just Mickey Mouse stuff compared to what can happen to corporate networks, especially when people aren't tethered to their desks. Give them a company mobile device such as a smartphone or tablet and the potential for hacking into accounts is exponentially larger. Not marginally. Exponentially.
Throughout my career, I have had several methods of preventing security breeches that go beyond installing sniffers for viruses, worms, Trojan horses and other malware. I've installed firewalls, IPS, IDS and SEIM products to guard against attacks.. I've done penetration testing on a regular basis for vulnerabilities and confirm that systems are up to date with the latest patches. I've put together plans for remediation procedures to resolve vulnerabilities. I've designed disaster recovery plans. Corporations cannot afford to be asleep at the wheel. Hackers need no sleep. They're built for destruction.
Read more at http://www.forbes.com/sites/emc/2013/09/23/why-antivirus-software-isnt-enough-to-fend-off-attacks/?utm_campaign=techtwittersf&utm_source=twitter&utm_medium=social
Wednesday, September 25, 2013
Sunday, September 22, 2013
Weather Report
One of my earliest blog posts was called "Cloudy Skies." In it, I expressed my concern about security on the cloud. The cloud does, indeed, have its advantages. My wife and I back up our iPhones on the iCloud and we're happy that we will never have to enter our contacts into new phones. Small companies can save money by storing data on the cloud.
But there could be problems with large companies and governments when it comes to using the cloud. One of them is the fact that there is a limited number of massive scale cloud service providers including Microsoft, Amazon and Google. CFO.com reported that, "The barriers to entry are formidable; only the best-capitalized vendors need apply."
At the risk of sounding paranoid, hack one of these companies, and the implications are huge. All those credit card numbers on file at Amazon come to mind. Someone brought up the unlikely possibility that several could be breached at the same time. How much insurance for errors and omissions should these companies and their consultants be carrying?
It is virtually impossible to extrapolate the amount of damage that can occur. But here's another thing to think about when it comes to risk: problems in and tensions between India and Pakistan. India's promise as a super center isn't as bright. And if Pakistan were to strike India and data centers were casualties, it would be a catastrophe.
The bottom line is that IT security is more important than ever before. There is no room for gaps. Consultants are not as reliable as loyal employees.
But there could be problems with large companies and governments when it comes to using the cloud. One of them is the fact that there is a limited number of massive scale cloud service providers including Microsoft, Amazon and Google. CFO.com reported that, "The barriers to entry are formidable; only the best-capitalized vendors need apply."
At the risk of sounding paranoid, hack one of these companies, and the implications are huge. All those credit card numbers on file at Amazon come to mind. Someone brought up the unlikely possibility that several could be breached at the same time. How much insurance for errors and omissions should these companies and their consultants be carrying?
It is virtually impossible to extrapolate the amount of damage that can occur. But here's another thing to think about when it comes to risk: problems in and tensions between India and Pakistan. India's promise as a super center isn't as bright. And if Pakistan were to strike India and data centers were casualties, it would be a catastrophe.
The bottom line is that IT security is more important than ever before. There is no room for gaps. Consultants are not as reliable as loyal employees.
Subscribe to:
Posts (Atom)