Whether you lived near moving water in Medieval Russia, were moored in the Highlands of Scotland, or lived in a huge tower in Ireland, you knew when the Vikings had landed. Within moments, everything you owned had been stolen, killed, or set on fire. Those who survived the raids picked up what they could from their devastated land. Survivors sought relief from their medieval lords, who might resupply them or might grant them nothing. The success of the Vikings increased their wealth and spawned further raids, and so they evolved their ships to carry more and travel further.
The problem with next-generation information security technology is that it is predicated on last-generation enterprise architecture. In many instances, the best new security options are no more than minor iterations on existing technology. Even though the definition of next-generation includes improved application awareness, security devices still work to control network and device access, just with extra layers.
Over the past couple of decades, our society has become ever more dependent on software and the Internet. This evolution, unfortunately, has also increased the number and value of targets. The Internet knows no borders; neither does cyber crime, including cyber espionage. As long as the industry continues to produce insecure code, the consumer will be forced to bear the financial burden of securing critical data and systems.
2013 has seen the release of new phones, successive iterations of phone operating systems, and novel mobile malware. Some of these have been little tweaks (Carberp-in-the-Mobile (CarMo), iPhone 5s), while others have been breakthroughs.
Android has excelled in gaining positive publicity as it has rolled out new devices and upgraded to KitKat 4.4. On the downside, 99 percent of mobile malware is targeting the platform, and users are being hit hard. It’s not just SMS stealers or premium rate fraud anymore; it’s real malware.
Everyone knows that it is practically impossible to write secure software. In spite of massive security investments by the software industry, we have come to expect the frequent publication of large quantities of new vulnerabilities. Yet we tend to ignore the fact that these vulnerabilities exist long before publication but are known only to privileged groups such as cyber criminals, brokers, and government agencies.
The consumerization of information technology (IT) takes many forms, but the three technologies that employees have become comfortable with in their role as consumer and now wish to leverage in their role as employee are mobile devices, cloud services (for example, file storage), and social networks. All three technologies raise security and compliance concerns for enterprises because of the difficulties surrounding control of their use.
As the use of smartphones and tablets becomes mainstream in enterprises, organizations need to address some fundamental security concerns. While we have yet to see these devices succumb to malware threats in the way that previous endpoints have, there are legitimate data protection issues associated with their use. Between June 2012 and June 2013, travelers lost more than 10,000 electronic devices, including laptops, mobile phones, and tablets, in just the world’s seven largest airports, according to Airport Lost and Found, a global database.
The notion that there is not enough information available regarding cyber attacks, vulnerabilities, and breaches pervades cyber security discussions. The premise drives numerous industry trends today, including: efforts to improve information sharing within the private sector and between the public and private sectors; the creation of financial incentives (bug bounties) to encourage vulnerability disclosure; and the demand from public oversight organizations for more detailed accounting of corporate risk postures.
Windows 8 is the most secure client operating system Microsoft has ever released. When Windows 7 was unleashed as the most secure Microsoft OS ever (at the time), journalists asked security experts, “Do users still need anti-virus?” The answer, of course, was a resounding “YES!” – unless they wanted to increase their chances of getting infected.
From choosing stocks to buying cars to hiring employees, the evaluation of a track record is a common criterion in the selection process. Current performance is important, but past performance holds weight too. How important or even how interesting this historical performance data is depends on the subject being evaluated and the age of the data.