Latest news
The imagined villains are in fact the victims, but more importantly the problem of spy software being prevalent in Israeli companies came as a result of one of the most comprehensive investigations involving computer crime ever undertaken. The Trojan had been introduced by providing companies with contaminated files, or sending a contaminated e-mail message to the companies. This also raises concerns that this evaded all the security measures in place at the companies infected.
Today our businesses depend on the exchange of electronic information with our business partners but many of the mechanisms that are used still rely too much on the goodwill of our business partners, or the integrity of the systems that they use.
Two of the most commonly used methods, FTP and Digitally Signed emails, using technologies such as PGP, are not really equipped to deal with this type of situation. In Israel, emails were being received from trusted business partners, so digital signatures on the email would possibly be considered trustworthy. In the case of files being shared using systems such as FTP, the presence of malware detectors was unable to identify anything inappropriate.
The bottom line is that we frequently depend too much on the trustworthiness of those we deal with, and unless we take appropriate measures to deal with the eventualities such as this, we are leaving ourselves vulnerable.
So are there measures we can take?
Do not expose your internal networks to external parties - The process of transferring files in and out of the enterprise must be carried out without exposing and risking the internal network. No type of direct or indirect communication can be allowed between the partner and the enterprise network.
Ensure that the repository for files being moved back and forth is secure. While information is waiting to be retrieved by the enterprise or sent to the business partner, it must reside in a secure location. This is especially critical when the intermediary storage is located on an insecure network, such as the enterprise’s DMZ, outsourced site, or even the internet. Additionally you should take the steps to define what format files will have, and to ensure that they can only be deposited if they are virus free.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
