IT Security’s Greatest Fear: Fear Itself

When it comes to the most pressing concerns over information security, a majority of business and technology executives say their greatest fear is fear itself.

A new global information security survey from Ernst & Young entitled “Creating trust in the digital world” finds that the overwhelming majority (88 percent) of executives do not believe their security investments are sufficient. Nearly two-thirds (69 percent) would like to see their IT security budgets increased by at least 50 percent as a result.

While there is some good news in the study – executives are less fearful of cyberattacks unwittingly caused by unaware employees or due to outdated systems – fears over phishing attacks and malware are on the rise.

Studying Health IT Security of the Future

While recent high-profile health data breaches like the Anthem, CareFirst, Excellus, and Premera hackings have the industry focused on cyber threats, Avi Rubin is focused on threat vectors in the not-too-distant future.

Rubin is director of the Health and Medical Security Lab at Johns Hopkins, which was established about six years ago with funding from the Office of the National Coordinator for Health Information Technology. His latest research focuses on security for healthcare IT systems, based on a $10 million grant from the National Science Foundation that is shared between himself and three other professors at Dartmouth (David Kotz), University of Illinois at Urbana-Champaign (Carl Gunter), and University of Michigan (Kevin Fu).

Health Data Management spoke to Rubin about cybersecurity and the challenges in securing health IT.

The Top 5 Data Breach Vulnerabilities SOLVED by Thinking INSIDE the “BoKS”

The dramatic increase in high-profile data breaches has put IT security concerns under serious scrutiny in recent years, and often in the headlines. Many of these massive security vulnerabilities are literally and figuratively baked into the pie of today’s modern IT infrastructures. Whether they stem from a culture of misplaced trust, an over-prioritization of business efficiencies, disconnected business leadership, or even fundamental infrastructure “short cuts” designed with the best intentions, the real “root” causes of these data breaches are as old as computer technology itself.

Why cybersecurity exposures are likely to intensify in 2016

With 2015 about to go down as the year of the massive data breach, 2016 could emerge as the year cyber criminals turn their attention to exploiting myriad alternative paths to steal sensitive data.

Meanwhile, companies and individuals must guard against becoming complacent. That’s the consensus of a group of security and privacy thought leaders interviewed by ThirdCertainty.

The year is not quite over yet, but some cybersecurity experts already are seeing it as the worst year yet for breaches.

The organizations affected by this year’s major attacks—Anthem, Office of Personnel Management, Ashley Madison—had one thing in common: massive amounts of information.

How to easily defeat Linux Encoder ransomware

For all the attention Linux.Encoder.1 ransomware has gotten, a lot of people seem to be missing that it’s easy to fix. Here’s how to do it.

First things first. Linux.Encoder.1, the “Linux” crypto-ransomware, is not a Linux security hole. This malware relies on a security hole in the Magento web e-commerce platform, not Linux.

If you use Magento and haven’t patched it since February 9, 2015 — yes it’s been that long — then, and only then, are you vulnerable. Otherwise, your site can’t possibly get Linux.Encoder.1.

The Magento attack resembles ransomware programs such as Windows’ CryptoWall and TorLocker. They encrypt your files and then demand payment for the key to unlock your documents.

Security before innovation in the IoT

Few technology trends have generated as much interest in recent years as the Internet of Things (IoT). As a result, many organisations are working tirelessly to bring innovative new connected devices to market.

The IoT has the potential to be the biggest innovation many of us will see in our lifetime. Similar to the dawn of the Internet, it will change the way we live and work. That is a really exciting prospect for both consumers and product companies alike. Before you know it nearly everything will be IoT enabled. Cars, kitchen appliances, medical devices, manufacturing lines – there is very little we won’t be able to control with a smartphone and an app. The possibilities are endless – but with all that opportunity also comes risk.


Continuous integration tools can be the Achilles’ heel for a company’s IT security

CI deployments are insecure in default configurations and allow the execution of commands on the underlying OS with system privileges.

Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks.

These so-called CI (continuous integration) tools allow developers to automatically create software builds when code changes are contributed by developers to a central repository. The creation of these builds, which are used for quality control, is coordinated by a CI master server based on predefined rules and done on CI slave machines.

Government CIOs and CISOs under siege by insider threats

As the Office of Management and Budget rolls out a framework to help agencies advance their cybersecurity posture, a new report highlights pervasive vulnerabilities from insiders.

When the Office of Management and Budget rolled out its far-reaching blueprint for federal agencies to improve their cybersecurity posture, it identified a number of areas where government CIOs and CISOs can improve, including rapid detection and response to incidents and the need to recruit and retain top security talent.

Linux Security: Circling the Wagons

People who belong to the free and open source software community have one trait in common: they are extremely sensitive to criticism of any kind of the software that belongs to this genre.

Nothing else can account for the reaction that has been forthcoming after the Washington Post published an article on Linux a few days back, a fairly long and detailed account that in the main casts doubt on the security afforded by the kernel.

Linus Torvalds vs. The Internet Security Pros

The Washington Post feature story, Net of Insecurity: The kernel of the argument, opens “Fast, flexible and free, Linux is taking over the online world. But there is growing unease about security weaknesses.”

Nonsense. Linux already runs the Internet and it has for over a decade now.

Google, Facebook, Yahoo, Netflix — unless its name is Microsoft, its Web presence is based solidly on Linux.

Oh, wait, what’s this? Microsoft is moving to Linux too. Microsoft Azure Networking principal architect Kamala Subramaniam announced that Azure Cloud Switch (ACS), a Linux-based network program, “allows us the flexibility to scale down the software and develop features that are required for our data-center and our networking needs.”