Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014, according to a June 2016 report by the Ponemon Institute. The human instinct is to try to find those responsible. However, any attempt to access, damage, or impair another system that appears to be involved in an attack is most likely illegal and can result in civil and/or criminal liability. Since many intrusions and attacks are launched from compromised systems, there’s also the danger of damaging an innocent victim’s system.
For every website and service simplifying how we get information, complete a transaction, or communicate with others, there’s a growing number of web-based threats intent on compromising user safety and privacy. Securing all web content over HTTPS is now a necessary step as we increase our dependence on the internet.
Is a data breach worse if it happens in the cloud? Given that a recent Ponemon Institute report is entitled “Data Breach: The Cloud Multiplier Effect,” it sounds like the answer is yes. But the report hints at another conclusion that’s at least as significant as any dollars-and-cents cost of a security breach: the generally low opinion held by IT folks about cloud security.
Computer security is in tatters — but not everywhere. Learn from the companies that know what they’re doing. Most organizations are very bad at computer security.
They don’t patch well, and they have short, simple passwords that don’t expire. They have dozens to hundreds of people in elevated groups. They don’t have a clue who has which permissions in their environment.
I’m a security professional, and it pains me to admit that in my line of work, mistakes are made. Multiple times. In almost every organization. With alarming frequency.
Here are the six most persistent screw-ups I’ve seen during my many years of consulting. If none sound familiar, I hate to tell you, but … you may be in denial.
A doctor logs in to a hospital server to deactivate his personal computer’s account. After his attempt, a server misconfiguration somehow makes the patient records the doctor accessed available on the Web, resulting in a four-year investigation and a $4.8 million fine for two hospitals.
Is this a failure of BYOD and the user? Or of IT’s server admins and security staff?
The overall U.S. unemployment rate may be down, but that hasn’t translated into good news for IT workers seeking a position. Although the economy added some 113,000 jobs in January, the IT hiring picture has all but ground to a halt. If anything, it’s drifting backward, with 1,400 IT jobs lost in January.
Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Java accounted for 91 percent of Web exploits tallied — and 14 percent of all successful PC exploits — in Cisco Systems’ recent 2014 Annual Security Report, far outpacing Adobe Flash and PDF documents, the other major “popular vectors for criminal activity,” the report states. Specifically, Java on the client is the problem.
Last year, we saw tremendous moments in the story of software patents and patent trolls. It’s possible we’ll even see substantial change in the near future. Here are some of the key landmarks of 2013 and portents for 2014. From an already shady reputation, patent trolls sank to claim the dubious title of public enemy No. 1 for netizens in 2013 — even President Obama accused them of extortion.
In July 1907, the first great breakthrough in medical IT took place at the Mayo Clinic in Rochester, Minn.: the paper medical record, dropped into a paper folder and stored in a file cabinet. Until then, information on patients was kept in a ledger that recorded all of a day’s patient visits, one after the other. Different departments kept separate ledgers, making it extremely difficult to track down patient information in a timely manner.
Pivotal, a new venture led by former VMware CEO Paul Maritz, sees a future rife with cloudy big data apps crunching sensor and user data — and holds important clues to the future of IT.
In the good old days, most hacking was performed by young males looking to boost their self-esteem. Nowadays, almost all hacking and malware is carried out with criminal intent. Yet for some reason, people who get hacked or are infected by malware still treat the problem as if it were a mere annoyance, as if they’d been infected by a virus from 1998.
A group claiming responsibility for a string of cyberattacks against several major U.S. banks over the past four months today said that it has suspended its campaign in response to YouTube’s apparent removal of a controversial anti-Muslim video.
The Izz ad-Din al-Qassam Cyber Fighters group launched the attacks last October to protest the posting of a 14-minute trailer of “Innocence of Muslims,” a movie insulting Prophet Muhammed that sparked widespread protests across the Middle East last year.
Already, “big data” has become one of those buzzphrases you say with an apologetic smirk. It sounds like marketecture, broad enough to apply to almost anything.
So let’s clear up what big data is and isn’t. Perhaps you’ve heard the canonical “three V’s” definition: data high in volume, velocity, and variability. In other words, big data comes in multiterabyte quantities, accrues or changes fast, often resists normalized structure — and tends to demand technologies beyond the tried-and-true RDBMS or data warehouse.
There’s a war going on, and it’s raging here at home — not in the streets or the fields, but on the Internet. You can think of it as a war on the digital homeland. If you work for a power company, bank, defense contractor, transportation provider, or other critical infrastructure type of operation, your organization might be in the direct line of fire. And everyone can become collateral damage.