CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

In 2009, Symantec stopped 100 attacks per second… wonder how many were missed?

If you haven’t already come across Symantec’s new Internet Security Threat Report (ISTR), ponder this: in 2009, the world’s largest security software maker blocked an average of 100 potential attacks per second. According to the article “Cybercrime’s Financial and Geographic Growth Shows No Slowdown during the Global Economic Crisis,” hackers were more active than ever last year. According to Stephen Trilling, senior VP of Symantec’s Security Technology and Response Division, the continuing growth of more sophisticated cyber threats has become an international problem that we can no longer afford to ignore.

Observations from RSA – 100% compliant does not mean 100% secure

Yesterday, I sat in the RSA panel titled, “Cyber Security: An Arms Race.” It was an interesting panel because, of course, cyber security is an arms race. One of the recurring comments from the audience was centered around, “Who should be responsible for defending our networks?” This is a question that has been debated for some time now. The answer kept leading back to government and compliance. However, members of the audience did not realize that one of the fundamental axioms of computer security is: Compliance does not mean secure.

We are familiar with the above statement. We all know that security compliance may increase security, but it does not completely provide it. A great example of this occurred in the fall of 2008 within the DOD. Systems running in the DOD networks were compliant with FIPS 140-2, Common Criteria, and other standards. The systems and networks were operated by a staff of trained professionals. But even with all of the compliant security measures in place, Conficker still propagated throughout the DOD networks, causing over $100 million in cleanup costs.

A similar problem occurred at Heartland Payment Systems. Even though Heartland was fully PCI compliant, hackers still stole information on the 100 million credit card transactions that are processed each month.

Compliance is important, but we must remember that compliance standards may take years to create and are never updated fast enough to stay current with today’s threats. Organizations must protect against the threats of the past by being compliant. They must also defend against the threats of today by being proactive. Application whitelisting is the proactive solution against today’s threats and must become the cornerstone of any security strategy.

Conficker expected to continue its wrath on security defenses

Despite concerted efforts to detect and block one of the world’s most dangerous forms of malware, security experts predict the Conficker worm will continue to deactivate security defenses and wreak havoc on computer networks throughout 2010. That’s bad news for security professionals who are actively doing everything they can to protect their networks from more harmful botnets and malware.

Time For an Update of PCI Antivirus Requirements: Take a lesson from NERC CIP

PCI requirements have come under scrutiny lately. A number of high-profile security incidents resulting in the exposure of hundreds of thousands of credit cards have, fairly or unfairly, brought attention to the companies that suffered these attacks and yet were PCI compliant at the time. The highest-profile incident was that of Network Solutions, where over half a million credit cards were compromised.

The culprit? Unauthorized code on their servers resulted in the exposure of the credit card data. Despite the protections employed to protect the card data on servers, they were done in by simple malware on a system in their infrastructure.



Conficker – A botnet on autopilot

I came across a good article today from internetnews.com detailing the latest stats for the Conficker botnet. Over 5.5 million PCs are actively infected and a part of this botnet, according to the Conficker Working Group. Clearly Conficker continues to be a threat despite approaching its first year anniversary this October.