IT Security Rewind – Week of October 10, 2011
October 17, 2011 | Uncategorized | CyberArk
by Josh Arrington
This week we honored Christopher Columbus, someone who undoubtedly took a major risk and, in the end, discovered something completely new. Thus it is appropriate that in this week’s IT Security Rewind we must report the passing of the visionary Dennis Ritchie, creator of the C programming language and co-developer of the Unix operating system. eWeek.com provided the following quote from Jeong Kim, president of Alcatel-Lucent Bell Labs: “Dennis was well loved by his colleagues at Alcatel-Lucent Bell Labs, and will be greatly missed. He was truly an inspiration to all of us, not just for his many accomplishments, but because of who he was as a friend, an inventor, and a humble and gracious man. We would like to express our deepest sympathies to the Ritchie family, and to all who have been touched in some way by Dennis.” To read more about Dennis’ accomplishments click here.
In other security news this week:
FTP may be dying but collaboration is not: eWeek’s Cameron Sturdevant (@csturdevant) took a look at the effect of the consumerization of IT on collaboration tools, highlighting some major security vulnerabilities that have arisen with the adoption of these free SaaS tools. With the proliferation of mobile devices, Sturdevant emphasizes the importance of regulations in file sharing, stating, “There are reasons to put boundaries on user collaboration, and licensed SaaS and on-premise tools are often best equipped to put these restrictions into practice. Blocking restricted data is among the chief reasons to curtail user file sharing. Helping well-meaning employees stay on the right side of the law when it comes to using regulated data is an important feature that is missing from nearly all the no-cost Internet services.” We completely agree and hope that Sturdevant will check out our secure file transfer solution to see how we successfully secure data in transit.
The real threat is still inside: Despite constant media chatter around advanced persistent threats and external hackers, Dark Reading reported on a study that serves as a good reminder to organizations to look for threats within company walls. The study, conducted annually by Amplitude Research on behalf of VanDyke Software, found that “of the many reasons cited for network intrusions, more than half could be attributed to internal issues: lack of adequate security policies (17 percent); employee negligence (12 percent); unauthorized access by current or future employees (11 percent); employee Web usage (6 percent); and lack of software updates (6 percent).” Surprisingly, hacker/network attacks accounted for only 14 percent of intrusions; viruses, malware, and spyware were 10 percent.
PCI still a pain point for many: Okay, we admit it, we love reports, especially when they support messages we’ve been sending for some time now. This report, conducted by Verizon and covered by SC Magazine UK, found that “most businesses that accept credit or debit cards, or both, continue to struggle to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI-DSS).” In fact, of those assessed by Verizon, only 21 percent were found to be fully compliant. These results were almost identical to last year’s, which proves that, as an industry, we need to do more to educate organizations and help them understand how to achieve compliance not just for auditing purposes, but for the protection of their customers’ sensitive information.