Thursday, December 18, 2014
Data deletion can be caused by all sorts of unexpected, events: sudden hardware or software failure, malware activity and, perhaps most commonly of all, simple human error. Some examples of the latter I have experienced have included accidentally reformatting a laptop drive, tripping over a wire that pulled the power lead out of a desktop machine and corrupted the data being written at the time, and - most common of all - deleting the wrong file or directory. Avoiding human error is, quite frankly, all but impossible as we all make mistakes. Avoiding the potentially costly impact of deleting important data is not only possible but absolutely imperative in terms of business continuity.
Tuesday, December 16, 2014
Google has been quick to blacklist domains implicated, most often unwittingly, in the distribution of what has become known as the SoakSoak malware campaign courtesy of soaksoak.ru being the first domain in the redirection path it used. With 11,000 domains blocked over the weekend, you might be forgiven for thinking that it's another WordPress hosting sites security problem sorted before it can do any harm. However, most experts I have spoken to would seem to agree that 11,000 domains is just the tip of this particular iceberg and the actual number of soaksoak impacts on WordPress specific sites is in the hundreds of thousands spectrum.
Monday, December 15, 2014
Science is being used to counter "technically aware terrorists", as part of a wider technology push for countering international terror threats, according to the UK government's recent Protecting the UK Against Terrorism policy document. Because of the nature of the counter-terrorism beast, exactly what technology is being used and how it is being implemented is not in the public domain. That doesn't mean, however, we are unaware that communication monitoring techniques are at the very heart of the surveillance and interception policy and have been for many years.
Monday, December 08, 2014
An increasing number of my acquaintances seem to be in the habit of buying cheap Android smartphones when in China on business and, increasingly, from online auction sites. More often than not these will be clones of flagship models but without the flagship price tag; however, cheap is not always cheerful. I've seen some of these devices with their look-alike operating systems and their flimsy construction, and given a quick once over have to say I wouldn't trust them with my calls, texts and data. That level of mistrust appears to be well founded, not least because it would seem that some of these cheap clone phones are coming pre-loaded with malware called DeathRing.
Friday, December 05, 2014
Every business wants to maximise profit while minimising expenditure. In the world of IT that increasingly means moving from a capital expenditure-focussed, infrastructure-heavy approach to an outsourced and infrastructure-light one courtesy of the cloud. Being able to manage spending through controlled budget expectations is a key driver helping to deliver the cloud into enterprise strategies across the globe; but how does keeping a lid on spending sit with keeping that cloud secure?
Increasingly, the cloud is becoming mixed up; and that's not a bad thing. Enterprises of all sizes are starting to conclude that more often than not a mixture of public and private cloud solutions provide the best operating efficiencies and value proposition. This is, in a nutshell, the hybrid cloud. Wikipedia defines it rather well as being "a composition of two or more clouds that remain distinct entities but are bound together, offering the benefits of multiple deployment models" and you can explore the concept further through some interesting Cloud Pro case studies. Time and time again you will find yourself being advised to audit your data and applications, keeping the highest risk stuff within a private cloud environment while farming the lower risk functions and data out into the public cloud. It's good enough advice. Indeed, I have often given it myself, but the question is raises which is not so often answered is how do you then ensure that this overall hybrid cloud entity is secure?
Security concerns sit at the top of the migration agenda for those enterprises yet to make the move into the cloud, and remain a focus for even the earliest of cloud adopters. Quite rightly so, in the light of an increasingly diverse threat landscape and a maturing average perpetrator skill profile. However, just as securing your own network infrastructure and the data within it isn't exactly rocket science, nor is securing your data in the cloud. Without wishing to sound too patronising, it really is just a case of getting the basics right and never resting on your laurels. With this in mind, here are our top 10 steps to take for ensuring you are ahead of the security-related challenge curve and avoid falling victim to cloud insecurity.
Wednesday, December 03, 2014
Bring Your Own Device (BYOD) security problems have been overblown during the last few years. Sure, the increased uptake of cloud services and the pressure put on both budgets and staff expectations has led to more off grid devices appearing in the workplace. However, the use of them doesn't have to be a security nightmare; it just means the enterprise has to adjust its security posture accordingly to accommodate the risk.
Tuesday, December 02, 2014
A group describing itself as "DDoS kings" who "just want to watch the world burn" has claimed responsibility for taking the Microsoft Xbox Live network down for an hour or two earlier today. The Lizard Squad, posting from a Twitter account called LizardPatrol, published a message warning that "Microsoft will receive a wonderful Christmas present from us" and say that taking Xbox Live offline was "a small dose of what's to come on Christmas."
Social engineering has long been the preferred route for hackers, whether through the front door or using social media and email. So what better way to protect against the threat than with a bit of ‘social pen-testing’? Davey Winder reports. Phishing remains a very real threat to organizations of any size. Symantec research showing a 91% increase in spear-phishing attacks from 2012 to 2013 tells us that much. But forget thinking of the threat in terms of the old Nigerian 419 or Canadian National Lottery scams. The bad guys have moved on and so must you if you’re to avoid falling victim to increasingly sophisticated and sector-specific targeted phishing attacks. You need to start thinking about implementing a social engineering vulnerability evaluation strategy. But when is the right time, and what is the right strategy?