Simon Heron is an Internet Security Analyst at Network Box, a managed security company, where he is responsible for developing the overall business strategy and growth. In this interview he discusses the current online security threats, the full disclosure of vulnerabilities as well as Network Box.
In your opinion, what are the biggest online security threats today?
In a recent survey by Network Box, 61 per cent of IT managers said that they thought the biggest threat to network security was from malware being downloaded from the Internet. That’s probably true – but another important threat is usually user-based, in other words, people not keeping their protection up to date, or clicking on bogus links, or even buying from spam.
I think there are two significant challenges we face. Firstly, how to combat spam. I saw a great quote by someone on Twitter, that said: “I cannot escape the feeling almost every email I get is spam. The annoying thing is much of it is spam I've signed up for”. This nicely sums up one of the biggest difficulties we face – you have to define spam in order to block it. The second challenge is the shift of the endpoint. More and more people work remotely; the lines between work and home are becoming more blurred, and this puts pressure on the security of a corporate network.
What do you see your clients most worried about?
Fraud seems the major concern. This ranges from ID fraud, to fraudulent websites, spoofed emails promising great profits and a myriad of other cons that are the daily fare of an end user’s experience. This is still being fed through spam but increasingly there are new ploys as criminals move to website infection of trusted sites to infect new victims. All this despite the fact that the returns for a phisher or even spammer appear to be ever thinner. This menace is threatening the success of e-commerce and we need an international effort in these grim times to fight this crime.
What's your take on the full disclosure of vulnerabilities?
This is a painful but necessary process. It requires that immediate action is taken to address those vulnerabilities, alerting people to what has been exposed and addressing customers’ problems. It ensures customers can take corrective action, it forces a fast recovery programme and it helps others not to make the same mistake. None of this is popular with providers of the services that have been shown as vulnerable.





