As employees and IT professionals return from the holidays, many are doing so with 2014 New Year’s resolutions in mind. For IT pros, we hope that one of your resolutions is to bolster your organization’s security and defenses in 2014. One of the rising threats that many IT professionals should be concerned about defending against in the new year is advanced persistent threats (APTs).
In my last post, I discussed the reality of APT hitting unsuspecting organizations with a predictable pattern. Study after study indicates people are being hit by malicious hackers and the attack goes on for months before anyone is any the wiser. If they ever know.
Some very large companies, with hundreds of business units and locations,
It used to be that only large, Fortune 500-sized businesses had to worry about targeted threats, or APTs. Today, it’s a whole new ballgame. Sophisticated, malicious hackers use focused resources for small- and medium-sized companies too. Everyone is a target and your risk is multiplied if you do business with important partners and business associates who have valuable intellectual property.
It might not be part of any formal forensics or incident response policy, but odds are at most organizations, whenever a malicious hacking attack hits the mark there’s one step rarely missed: blaming the user.
Users do some boneheaded things sometimes so pointing the finger at them is easy. But the truth is if IT has never developed a systematic way to make sure users know about the risks and company policies meant to reduce those risks online,
Lumension recently conducted a survey of more than 1,600 IT professionals on Linkedin regarding their thoughts on BYOD and mobile security. You can check it out here. There is a lot of interesting information in this survey, with one of the main takeaways was for these respondents’ organizations, BYOD is really all about end-user satisfaction and productivity.
Protecting sensitive information has become increasingly difficult the last few years – if you haven’t recognized this fact and modified your security approach recently, you’ve got issues.
One reason for this is the explosion of mobile devices on our networks. While convenient for our users and a significant productivity booster for our business,
Late last week, we received notice hackers, presumably a well-equipped group using an advanced campaign, somehow made their way laterally onto an Adobe build server where company developers package up a final executable for consumers. With access to the build server, attackers were able to sign their own hacking tools with legitimate Adobe certificates.
Evidently, this is what the hackers wanted – an opportunity to educate.
While the fact that Yahoo did not encrypt customer passwords is yet another instance of embarrassingly low security priorities on behalf of corporate entities, the fact is that Yahoo’s customers who were breached are at fault too. The firm that uncovered the breach reported that some of the most common passwords used for Yahoo Voices included “123456,” “111111” and “000000.”
It’s hard to believe that it is 2012 and we still have to explain why you should not use the same password across multiple accounts and push people to be more creative in what they choose.
With 50% of IT endpoint operating costs now attributable to malware, is reliance on antivirus as the keystone endpoint security measure the best approach? Instinct tells us no but to be sure, Lumension recently did a comparative analysis on the effectiveness of standalone AV and O/S resident patching solution versus newer technologies, including application whitelisting,
Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency. For some tips,
We’re back with part II in our podcast series on security versus operations with Mike Rothman, president and analyst with Securosis. In this post, Mike and I will discuss getting back to the basics of endpoint security, as small and mid-size organizations should not even consider employing in-depth cyber security measures until they have the basic preventative measures in place.
Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency.
Hackers never sleep–as Citigroup can certainly attest to, having their consumer information twice hacked in a span of only three months. While we are counting sheep, the bad guys are of course looking for a way in, lurking and waiting for a vulnerable minute to strike. And all too often, this happens to organizations that have fallen victim before…a little like rubbing salt in an open wound.
MacDefender is fake security program that has been targeting Mac OS users. Through a combination of SEO optimization and a socially engineered website, Mac users are tricked into installing the Mac Defender malware. In this video, two members of the Lumension team, Russ Ernst, product management and Chris Merritt, solution marketing have prepared a step-by-step procedure to ensure that MacDefender is removed from any infected machines in your environment using Lumension Patch and Remediation.
It was reported yesterday that a group of hackers from Goatse Security compromised AT&T’s server through an open vulnerability to steal over 114,000 iPad 3G owners sensitive personal information which included email addresses and SIM card ICC-IDs. The attack didn’t effect the iPads themselves, but rather customer information housed on AT&Ts network. Luckily,