Defending your business against cyber attack may be the number one priority this year. Learn more http://ping.fm/mlIGI

Is the UK ready to handle cyber attacks as a country? Find out more http://ping.fm/iOenu

Defending Against Business Security Threats.

In the current global economy, almost all the big businesses of the world have to address Internet security issues. In most cases, the overall security plan is designed just to deter hackers, on the expectation that a good enough deterrent will get them to leave and find an easier target.

The problem is that there is a new kind of internet terrorist out there now. In the industry, we call them APTs, which stands for advanced persistent threats. This group takes perverse joy in continuing to hack sites till a solution is found. Welcome to the new world of internet attacks.

This type of hacker is typically a non-professional. Therefore, they are not bound by budget constraints or the need to show quick results. It could very well be the kid next door.

I ran across a quote about this issue from Amichai Shulman. Shulman is the CFO of Imperva, a firm that specializes in security for the internet.

“Such campaigns need not necessarily be backed by enemy states, but may include friendly nations that compete in the global market, and want to promote home-grown enterprises,” he says.

Traditional defences will not deter such attacks because the potential gains for the attackers are so high that they will invest a lot of resources in crafting sophisticated, multi-stage technical attacks, says Shulman.

“The reality is that most organisations balance security requirements with the need to keep the business running, and often the balance is in favour of business continuity,” says Shulman.

Consequently, he says, there is almost always a way to craft attacks that will bypass standard security settings, which is what usually happens with APTs.

How can you defend against such attacks?

What should organisations be doing to defend against APTs? That’s the real question. In short, the solution is in the details. You have to be paying attention to the details of what is happening on your website. Here is what Shulman says:

Carry out a risk analysis. A risk analysis will not only tell an organisation if it needs to spend time and resources on mitigating APTs, he says, but will enable it to spend security budgets more cost-effectively, by matching security investments to level of risk.

Where organisations believe they are at risk of APTs because of the kind of information they hold on their networks, they should immediately establish a process for reviewing all security alerts and attacks, even those that have been blocked.

“Most organisations discard this information. They are happy that their firewalls and anti-malware solutions are blocking threats, and do not look at what their systems are picking up to identify any surges or trends that might be part of an APT campaign,” says Shulman.

Where there is a threat of APTs, he says organisations cannot simply mitigate attacks, but need to keep track of what is happening and monitor and analyse what is being blocked to help refine controls around what they think will be targeted next.
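An added example, not from the original article or from Imperva: one way to review already-blocked events for the surges and trends described above. The event tuple layout, asset names, addresses and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

def build_sample():
    """Constructed sample of BLOCKED events: (day, source, asset, rule)."""
    events = []
    for d in range(1, 15):
        day = date(2012, 1, d)
        # Background noise: a different scanner hits the public site each day.
        events += [(day, f"198.51.100.{d}", "www", "port-scan")] * 3
        # Low-and-slow source that comes back to the same asset every day.
        events.append((day, "203.0.113.7", "hr-db", "sqli-probe"))
    # Burst of blocked probes against the same asset on the last day.
    events += [(date(2012, 1, 14), "203.0.113.9", "hr-db", "sqli-probe")] * 20
    return events

def persistent_sources(events, min_days=7):
    """Sources blocked against the same asset on at least min_days distinct days."""
    days_seen = defaultdict(set)
    for day, src, asset, _rule in events:
        days_seen[(src, asset)].add(day)
    return {k: len(v) for k, v in days_seen.items() if len(v) >= min_days}

def surges(events, min_baseline=7, z=3.0):
    """Days where blocked events per asset exceed the baseline of earlier days."""
    per_asset = defaultdict(lambda: defaultdict(int))
    for day, _src, asset, _rule in events:
        per_asset[asset][day] += 1
    all_days = sorted({e[0] for e in events})
    flagged = []
    for asset, counts in per_asset.items():
        series = [counts.get(d, 0) for d in all_days]
        for i in range(min_baseline, len(series)):
            base = series[:i]
            # Floor the deviation at 1 so a flat baseline does not flag noise.
            limit = mean(base) + z * max(pstdev(base), 1.0)
            if series[i] > limit:
                flagged.append((asset, all_days[i], series[i]))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("persistent:", persistent_sources(sample))
    print("surges:", surges(sample))
```

Neither finding would appear in a view that only confirms the blocks succeeded; both point at the same asset, which is the signal for refining controls around it.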

“If organisations can identify ongoing efforts to break into their network, then they should alert law enforcement agencies and allocate extra resources to protect the information being targeted by attackers,” says Shulman.

An important element of defending against APTs, he says, is maintaining a balance between all areas of security rather than investing most resources in the latest threats.

“IT security professionals must ensure that while they are adding mitigations for new threats, they do not neglect old attack methods, because attackers never do,” says Shulman.

Finally, organisations at risk of APTs, as well as all other organisations, should try to pinpoint areas of their IT system and data that are at risk, then isolate them as much as possible and put effort around those, rather than try to create the same high level of protection across the network, which is usually not practical, as demonstrated by the recent publication of thousands of “sensitive” US government documents, says Shulman.

“Organisations need to define what is core information and enable true control over it, because if they attempt to watch thousands of documents that have been incorrectly classified as ‘sensitive,’ they are bound to fail,” he says.

The Need for a UK Cyber Task Force

I had a chance to read an article recently that was talking about the new so-called Cyber Security strategy for the United Kingdom. John Reid, who is with the Institute of Security and Resilience Studies, was praising the formation of the new group, but also warned that much more work would be needed.

In short, the criticism was this:  there was no actionable plan to move forward. There was too much time spent on just the overall dimensions of what could be done.

“In terms of actions, it fails to rise above protection,” he said.

Reid welcomed the idea of a strategic summit of professional services providers, saying that bringing together the public, private and academic sectors is the best recipe to drive real change, but questioned the distribution of cybersecurity funding.

While it is understandable, he said, that around 57% is going to intelligence, 14% to the military and 10% to law enforcement, it is disappointing that business innovation and skills has been allocated only 2%, and research and education is at the bottom of the list with no budget at all.

“We cannot and will not catch up if investment lacks depth [and does not support development and growth],” said Reid.

While no one thinks government can tackle the challenges of the radical changes brought about by the rise of cyberspace, government should lead the project to maximise the benefits and opportunities for innovation, while controlling and mitigating the threats.

The government’s role, said Reid, is in helping set up the concept framework as it would when tackling any problem that is difficult to solve. This framework will help plug the legislative gaps to get the law up to speed with technological changes and help create the environment to drive innovation that is essential to both security and growth, he said.

Reid proposed a national cyber taskforce made up of people from the public, private and academic sectors that would define actions at a strategic level; not a “think-tank”, but a “do-tank” that is directly responsible to the national security council, he said, that can be expanded to include the economy, as the US has done.

“This will add a further step in meeting the challenges of cyberspace,” he concluded.

Google Search Plus is Watching You!

Well, it is true. Google Search Plus is watching you! And now a watchdog group from the United States has taken the Google folks to the Federal Trade Commission again. This time, they are claiming that the new search engine functionality is violating the privacy of its users. Imagine that.

In a letter to the Federal Trade Commission, the Electronic Privacy Information Center (Epic) says it is concerned about the changes that have been implemented with Google Plus after go-live.

Google has been fighting to catch up with Facebook in the social media space in recent years. But Epic is concerned by a new feature, called “Search Plus Your World”, that blends information such as comments and photos posted on its Google+ social network into users’ search results.

The service will also display Google+ business pages and notable Google+ users alongside the search results. The service aims to give users search results that are customized to their interests and connections. But Epic is concerned that it may make people’s private information searchable without their knowledge and that the changes potentially favour Google’s own services over those of rivals.

“Incorporating results from Google+ into ordinary search results allows Google to promote its own social network by leveraging its dominance in the search engine market.” The move is not very popular across a host of other social networks, including Twitter.

In a statement released to the Guardian, a Google spokesperson wrote:

Our goal with search has always been to provide the most relevant results possible. That’s why for years we’ve been working on social search features to help you find the most relevant information from your social connections no matter what site it’s on. Search plus Your World doesn’t change who has access to content, it simply helps people rediscover information they already have access to. We’ve taken special care with our new features to provide robust security protections, transparency and control for our users.

But Benjamin Edelman, professor at Harvard Business School, found more than a dozen Google services receiving favored placement in Google search results. “Some have developed into solid products with loyal users. Others are far weaker. But each enjoys a level of favored placement in Google search results that other services can only dream of.”

Well, we at Zanity.com.au are not real surprised.

The HP Folio 13 is No Simple Ultrabook

The HP Folio 13 is no simple ultrabook. I have looked at them all, and used several.  So, I feel it is fair to say that it takes a lot to stand out in the crowded world of ultrabooks, but this one has definitely caught my attention.

The newly announced HP Spectre is the most glass-covered laptop in the business. I’ve  seen glass-heavy smartphones like the iPhone 4, but not so much in laptops…until now. At CES 2012, we got a good close-up look at HP’s bold Envy redesign.

The Spectre is HP’s first consumer-oriented ultrabook (the HP Folio 13 released last year was technically HP’s first ultrabook, but targeted at small business), and the differences between the Spectre and Folio couldn’t be greater. The HP Folio 13 is a model of restraint, practicality. The Envy 14 Spectre is about flash and gloss, most markedly via its all-glass lid and palm rest. At a CES devoid of many eye-popping laptops, the Spectre could be the most stylish of the bunch.

While having glass all over the display, lid, palm rest, and touch pad might seem to invite danger, HP boasts that using Gorilla Glass will make the laptop more scratch-resistant. That may be true, but there’s likely some concern about shattering. Then again, if you dropped any laptop on a hard surface, odds are you wouldn’t be happy with the outcome.

Compared to thin 13-inch ultrabooks and laptops like the MacBook Air, the Envy 14 Spectre is no lightweight. The 20mm-thick, 14-inch ultrabook fits within the size guidelines for the newer class of 14-inch ultrabooks we’ve seen at CES, but that also means it’s heavier and thicker than other ultrabooks, including the HP Folio 13. Nevertheless, the Spectre is still lighter and thinner than mainstream laptops like the MacBook Pro.

Well, give it a look. I think I will be looking again myself.

Johnny Smoes

Zanity.com.au

 

The Year the Web Became an Adult

In many respects, 2011 is the year the Web became an adult.  That is so obvious when you look at the big struggle this year between Google and Facebook. In this battle of the giants, you have the social media king versus the search engine giant.  And what did we get?  We now have a web system that allows quality content and social media to happen in the same place at the same time. Let’s consider that further.

Intelligence or information technology can now easily travel across social networks via people’s posts, pictures, and videos. When someone reads important information on a favorite website, it can be shared across multiple social media platforms without ever leaving the page. And how do we know who all is reading something? Well, we now have the famous “like button” in one form or another. Information, quickly accessed, with a public opinion poll: that is the form of an adult Web. And people are loving it.

If people have recommended something on the Web, research being done in several major universities in the United States indicates that many people will find it to be more credible in nature. Hence, we use our social connections to help us understand the world. This makes it very easy for advertisers to target product pitches more directly. In some cases, this is leading to new business models, in which intelligence gleaned from social-media chatter is gathered and brokered by companies such as Bluefin Labs. It also is turbocharging Facebook’s existing ad model, setting the company up for the largest Web IPO of 2012.

We Sense A Storm A Coming for SOPA Anti-Piracy Act

One of my favorite U.S. Christmas stories is the movie “Christmas with the Kranks.” In that movie, the couple is set to skip Christmas and take a trip to the Caribbean when their daughter calls and changes the whole game. Mr. Krank gets one of the best lines in the movie when he says, “No, but I sense a storm coming.”

There is a huge storm a coming over the SOPA bill in the States. SOPA stands for “Stop Online Piracy Act.” It is being pushed by Hollywood, in an effort to help stop the issue with movies being pirated. It will give the U.S. Government broader ability to go after piracy, as well as to stop things from happening on the Internet that could lead to the problem.

The large social platform giants of the Internet world, however, are really seeing this as a storm coming. If it happens, the biggies like eBay, Google, Facebook, and Twitter may all take their sites black at the same time. This could have a huge impact on the Internet world.

There are rumblings about this very tactic being quietly discussed by people like Sergey Brin from Google and Craig Newmark from Craigslist. You really need to keep your eyes open on this subject, as it could become 2012’s story of the year.

If you can censor the web for online piracy, what comes next? It’s not snowing yet, but I sense a storm coming.

2011 is the Year of the Social Protestor

One of the big changes that happened in 2011 is that the year has been the proverbial “Year of the Protester.”  Many people have applauded  Facebook, Twitter and YouTube for the role they played in the Arab Spring, a series of protests in the Middle East that started late in 2010. That is where the year really began.

Use of social networks to spread the word about demonstrations persisted in the Egyptian uprising that toppled longtime President Hosni Mubarak. For a while, Twitter was a better source of information than CNN on the subject. Certainly, the stories were getting posted faster, as even the mainline TV giants turned to the use of FB and Twitter to help cover the stories like in-the-field correspondents.

In London, participants in riots used BlackBerry Messenger to get the word out across the U.K. And it happened quite successfully. Micro reports from Occupy Wall Street and other U.S. protests frequently popped up on Twitter, Facebook and other sites. Look how quickly the YouTube movies were able to change the opinion of many Yanks on what was happening in their country.

Perhaps in a nod to those events, Facebook CEO Mark Zuckerberg said onstage at his conference this year, “We exist at the intersection of technology and social issues.” How aptly put.

Johnny Smoes

Zanity.com.au

 

Facebook Tells Us What We’ve Found Interesting in 2011

Recently, Facebook released its top 10 stories for the year. So, we wanted to explore that list for a moment today in our technology trends section of the blog. Facebook tells us what we’ve found interesting in 2011, but it has also told the advertising agencies of the world how to get our attention. So, think about the ads you have seen that pop up around these topics. Here is the top ten list of topics from Facebook for the year.

  1. The death of Osama bin Laden (used to advertise tactical & survival gear)
  2. Packers win the Super Bowl (Best marketing tool of the later year for the Kansas City Chiefs!)
  3. Casey Anthony found not guilty (used to advertise background checks)
  4. Charlie Sheen (sadly, everything seems to sell better mocking Charlie)
  5. Death of Steve Jobs (Has put IT sales up dramatically. The book is also doing well.)
  6. The Royal Wedding (fashion industry advertising)
  7. Death of Amy Winehouse
  8. Call of Duty: Modern Warfare 3 (selling online gaming and system sales)
  9. Military Operations Begin in Libya (survival and outdoor gear, emergency preparedness.)
  10. Hurricane Irene (hardware industry story of the year. Even more than the flooding that hit Louisiana this year.)

So, there you have it. We hope it tells you a little more about what we find interesting in this world: war, celebs, sports, and catastrophe. Oh yes, and the occasional geek. Here’s to the geek!

Johnny Smoes