Wednesday, September 28, 2011

Smart Phone Security

Now that smart phones are being used more often for sensitive purposes, like making and paying for purchases, it is clear that hackers are going to focus more attention on them. Companies like McAfee are putting out security software to protect them, and the US Department of Defense is calling for more protection for them, in particular for the Android operating system, which is on the largest number of phones.

Companies need to be concerned about this area, as some of their sensitive data is going to end up on smart phones, so their defences need to extend to the phones. This is not a new idea, but the new landscape means that the degree of protection now needs to be at a level comparable to that of the corporate data in the main system, which has not been the case to date.

For more on the new environment for smart phones, check this NY Times article.

Thursday, September 22, 2011

Security Breaches are Becoming a Certainty

It has become clear, with the growth in use of the internet, mobile devices and social networking, that avoiding security incidents has become more difficult. Recent research, however, shows that they are a near certainty.

"A recent survey by the Ponemon Institute found that the threat from cyber attacks is nearing statistical certainty -- 90 percent of U.S. businesses were hit by at least one security breach in the last 12 months. Almost one in two said there was a significant increase in the frequency of cyber attacks over the past year, and 77 percent said attacks are more severe or difficult to contain."

For more, check this link.

Friday, September 16, 2011

Persistent vs Intermittent Attacks


"Researchers at North Carolina State University examined two Wi-Fi attack types -- persistent attacks, in which the attack persists non-stop until it can be identified and disabled, and intermittent attacks, which block access on a periodic basis, making them harder to identify and stop. They were able to measure the impact of both attacks."


They concluded that not all attacks can be prevented and that a sensible policy would be to target those that would cause the most damage, which often would be the persistent attacks.


For a release on this study, check this link.

Monday, September 12, 2011

Protecting Mobile Devices

Hackers and malware are increasingly targeting mobile devices, particularly those that use the Android system, although all others are at risk too. Users need to treat these devices as they do computers and take steps to protect them. This includes the following:

1. Establish a password for opening the device. We do this for our notebooks all the time.
2. Avoid downloading unproven apps.
3. Accept all patches.
4. Back up the data.
5. Don't jailbreak the device, which some people do to free it from dependence on a single supplier.

For more, check out this article.

Wednesday, September 7, 2011

People Just Don't Understand Mobile Security Threats

When it comes to laptops and notebooks, people get it. There are security threats and spam and they need to take precautions against them. People are used to being wary of emails that ask for personal information, or websites that they don't know and never heard of that sell products at low prices. They are used to installing anti-virus software and some even have a practice of erasing their cookies and browser history. People know that identity theft is a serious problem, and that they need to be careful.

Not so with mobile devices. Maybe it's because they're small. Maybe it's because their power is a relatively new thing and people just haven't caught up to the idea that their cell phone has become a small computer with connections to many other computers, and that viruses and malware that get into their phone can get into their other computers, even their work networks. Some companies are coming to terms with this idea, but in general mobile device users just don't get it.

And so they go on downloading apps without concerning themselves much about where those apps are coming from or who made them or whether they have been properly tested and protected. They don't even think about installing protective anti-virus software, not that much is available yet.

The result is that mobile devices are now the biggest single threat to the data integrity of many organizations. This means that IT Assurance professionals need to pay more attention to this threat. That is, contemporary attention. Guidance and reference materials have been out there for a few years now, but most of it is obsolete simply because the technology for smart phones has advanced so fast. New tools are needed. Until then, experienced professionals can identify the risks in the devices being used and in how they are used, and suggest behaviours that will mitigate those risks.

The biggest need at this point is to modify the behaviour of the users. The fraudsters get it. And the users need to get it too.