Threat intelligence sharing is getting greater attention. Businesses are encouraged to share the new security threats they are encountering with their peers. This collaboration will better ensure the security of all companies that could be threatened by a similar attack. Working together to end and prevent these attacks can create a more beneficial information security platform for all involved.
The challenge of threat intelligence sharing is how to communicate this information to others securely and effectively. Those involved must also determine how quickly the information has to be shared for it to remain effective. So far, the information that has been shared covers only which security threats are out there, not solutions for stopping these types of threats. Smaller corporations are the ones typically struggling to find solutions to these threats, and they would benefit more from assistance in finding the appropriate solution.
What is stopping this full platform of threat intelligence sharing? Is the competitive nature of business a part of this? Whatever the underlying cause, anything that inhibits sharing information that helps all involved contributes to the failure of national intelligence sharing. More thoughts on this topic are being discussed at the annual Black Hat conference, which runs July 27 through August 1st. Anyone interested will have to keep monitoring the input generated from the conference this year to see if a coordinated effort can be put together.
Saturday, July 27, 2013
Saturday, July 20, 2013
Companies have greater security risks when following standards
A common occurrence for many businesses is that they become so focused on following industry guidelines and checking off boxes to show they meet these requirements that they lose track of the fact that they also need to prevent cyber threats. By being overly concerned with meeting the requirements of government and industry standards, companies are forgetting the big picture. They are leaving themselves open to becoming targets of cyber criminals by being unprepared.
To prevent this from occurring, companies need to expand their security guidelines to include greater threat assessments along with industry standards. They need to focus on going above and beyond industry standards rather than just meeting them in order to be in compliance. This will help secure their businesses by keeping them one step ahead of security threats rather than waiting to take action until it is too late. Companies that have not experienced cyber attacks do not realize the importance of increasing threat assessments. They must take the advice of others who have experienced cyber threats and take the necessary steps to prevent them from happening to their own company. If industry standards do not change to include a greater focus on cyber threat assessments, companies need to take it upon themselves to increase that focus on their own.
See the link for more information: http://www.computerworld.com/s/article/9237254/IT_security_managers_too_focused_on_compliance_experts_say
Wednesday, July 10, 2013
YOU MAY BE SURPRISED WHO CAN VIEW YOUR INTERNET CONNECTED DEVICES
If your business or home has a live video camera, you might be surprised who can view it. Imagine your conference room is set up for live video conferences with clients: if it is not secure, others may be able to watch and listen in on all of your meetings. Additionally, if the feed is always live, as with security cameras in businesses, stores and restaurants, traffic cameras, etc., a person can view this live feed anytime. If a security feed is not secure and someone gains access to confidential company information, just imagine the chaos that may ensue if that information is exposed or sold to a competitor.
There is a search engine called Shodan that allows searches for all devices connected to the Internet. This includes live web cams, refrigerators, routers, GPS receivers, and even swimming pool, industrial and medical device control panels. How does Shodan receive this information? Simple: it asks these devices "What can you tell me about yourself?" Most of the information discovered comes from people who are not even aware that it is viewable to others. A man was viewing open web cam feeds and discovered a woman yelling at and hitting an elderly woman. Shocked by his discovery, he recorded it, traced the IP address and submitted it to the police.
John Matherly is the creator of Shodan and is currently the only one maintaining it. Typically the work he does is only done by criminals. He supports this project by charging security companies for access to his entire database, which currently has more than 1.2 billion devices. Currently anyone can search his database for free, but unlimited access will cost you a one-time fee of $19. With this information in mind, make sure that all of your Internet-connected devices are secure.
http://www.wired.com/wiredenterprise/2013/07/shodan-search-engine/?cid=co9596534
Thursday, July 4, 2013
How Secure is Your Information?
The recent events of Edward Snowden stealing information at the NSA may seem far-fetched for most companies, but this kind of incident is far more common than many believe. The government is considered to be the most secure out of all businesses. The fact that Snowden was able to access information that he should not have had access to proves that no matter how secure a business is, there is always room for improvement.
A recent article explains just how poor many companies' network security is. 2.5 million Californians had their personal information (SSN, credit card and bank accounts) exposed by businesses between Nov 2010 and 2012. These companies are by no means small corporations. They ranged from retail stores such as Petco and Barnes & Noble to state universities and government agencies. Some were only singular incidents; however, American Express Travel was at fault 19 times. Yes, 19 times. One would think that after pertinent information was exposed once or twice the problem would be corrected, but apparently the company does not know how. The businesses that had the most problems with data breaches were ones that handled financial transactions (mostly retail) and banks. It really gives you pause before giving any information to any business.
How could these companies have better protected their customers' information? By simply encrypting the data. These security breaches, along with Snowden stealing information, will hopefully make companies see the importance of properly securing their data and putting greater focus on access to data. Its breached information cost Anthem Blue Cross of California a $150,000 payout, and it had to implement increased data security as well as limit the number of employees who can access SSNs. Prior to 2012, companies in California were not required to report security breaches. If other states take this same stance, we may begin to see the much-needed security improvements as companies are held more accountable for their lack of security.
For more information on the story please see the link
http://www.mercurynews.com/business/ci_23587532/2-5-million-californians-exposed-data-breaches