Tips For Staying Secure in 2006
by Calum Macleod - European Director of Cyber-Ark - Monday, 16 January 2006.
So 2005 has gone down as the worst year for data security breaches. I suppose the good news is that we seemed to be less troubled by viruses, so either the virus developers have got bored, or our anti-virus technology has got better, or maybe we're simply not aware of them - remember the incident earlier in the summer of 2005.

The question is whether 2005 has been particularly bad for data breaches, or whether it's the case that more organisations are owning up to indiscretions. After all, the consequences for being found out are now a lot more serious than admitting to a problem.

It seems like almost every month last year, some organisation or other was admitting to backup tapes being misplaced. They were either getting lost in warehouses or disappearing when entrusted to some courier service or other.

In the UK, the Inland Revenue lost a computer disc, sent by the bank, which contained address and account details of the bank's investors, and apparently they are still looking for the disc. In Japan, millions of credit card details were stolen. In fact the stories go on and on. The potential seriousness for your business was quantified by the Department of Trade and Industry, which said that 70 percent of organisations that experience serious data loss go out of business within 18 months. So looking on the bright side, the UK may become a tax haven during 2006!

An organisation should never underestimate the potential damage in case of exposure or loss of confidential data. This is the reason why most businesses take great care to ensure that the physical media is protected in physical safes with dual control procedures. And in some cases these physical security measures are even enforced by formal regulations.

Securing data while it travels between applications, business partners, suppliers, customers, and other members of an extended enterprise is crucial. As enterprise networks become increasingly accessible, the risk that information will be intercepted or altered in transmission grows with them.

For example, how many CEOs are aware that sensitive data within the organisation is visible to everyone from database administrators to developers and system administrators? How many bank directors are aware that in many cases financial transaction files are sitting in clear text on application servers? A European bank recently fell foul during an external audit when it was discovered that payments being sent to and from a third party payment system were accessible to system administrators, and the bank had no means to control administrator access to the systems, and no way to verify if the file was manually adjusted. And the chances are that if it's true of this bank, it's very likely the case in others, since they generally use similar systems. And not only are they not aware, they don't always understand the technical issues involved. It's like my accountant and me: when we meet, we have these brief conversations where I try to explain what I do, and vice versa, and quite frankly neither of us has any understanding of the other's profession.

Think about the company that is contracted to carry out research and development for many business partners: does management understand how confidential R&D data is shared with business partners? Or how about the financial company that processes payments for non face-to-face businesses including Internet, mail and telephone: does management know how payment files are delivered to and from merchants? The list is endless.
