Weekly News Roundup
Happy Friday all, and I hope everyone had a great week. Here are the top headlines from this past week in the security world. Enjoy!
Cyber Security Index: “Cyber Security Index Highlights Political Threats, Business Partner Risk” by Paul Roberts (@paulfroberts). This article from Threatpost looks at this year’s Index of Cyber Security score of 1292, which is 292 points higher than when it was introduced last April. The Index was created by Dan Geer and Mukul Pareek in an attempt to gauge the level of perceived cyber risk and concern based on surveys conducted amongst cyber security professionals. Since its inception, the index has been steadily rising – a trend that can most likely be credited to the increasing number of cyber attacks taking place and the media exposure these attacks have gained. The article also provides a graph showing the “Cyber Fear” Index from month to month since March 2011 and a look at what sort of information we can expect to see in next year’s report.
Unisys Security Index: “Americans Rate Cyber-Security as Hot Issue in Presidential Election: Survey” by Brian Prince (@eweeknews). Unisys recently conducted a survey for its bi-annual Security Index, and the results show a major increase in American focus on cyber-security awareness and concern as an issue in the upcoming presidential election. Despite this finding, the Unisys Security Index still dropped overall for security concern. Read the full article for more statistics from the Index as well as Prince’s analysis of these national trends. For further commentary on today’s cyber threat environment, check out our Q&A with cyber security guru Richard Clarke.
Enterprise Mobile Security: “Companies slow to react to mobile security threat” by Antone Gonsalves (@antoneg). This article offers Antone Gonsalves’ take on the findings from a new study on mobile security from Juniper Networks. The main takeaway from the study is that employees are using mobile devices at work to engage in high-risk activities, often without company consent. Juniper found nearly 90% of employees surveyed to be using their own devices to interact with sensitive company data and that in over 40% of these cases the employer was unaware they were doing so. In addition to these issues, mobile malware is increasing at an alarming rate, subjecting companies to possible data theft or breaches. On a more positive note, Juniper’s report found that a strong share of those surveyed are willing to work with their employers to protect their devices.
For more on “Bring your own Device” policy, check out our new video interview series with Dan Guido of Trail of Bits. In this segment Dan discusses BYOD for businesses and mobile platform security. Read our post and watch the video here.
Data Breach Aftermath: “Global Payments Breach Fueled Prepaid Card Fraud” by Brian Krebs (@briankrebs). Unfortunately it looks like the fallout from the Global Payments data breach is not yet over. Since early March of this year there have been numerous cases of debit card fraud using Union Savings Bank information stolen in the Global Payments breach that made headlines earlier in the year. According to bank officials, the fraud has already cost Union Savings Bank about $75,000, with another $10,000 being spent on replacing customer cards. Additionally, the fraud cases have brought up some new questions about the timing and extent of the damage of the Global Payments breach itself.
Click here to learn about data breaches in general.
SEC Guidance: “SEC Guidance Is a Really Big Deal” by Richard Bejtlich (@TaoSecurity). Richard Bejtlich wrote this blog post after speaking on SEC guidance at a recent conference. According to Richard, the SEC guidance is a “game changer” for several reasons, including its plans for enforcement and an increase in lawsuits and whistleblowing against companies with poor disclosure practices. Richard also provides insights into the new SEC guidance from Congress and Senator Jay Rockefeller.
Click here to view our webinar showcasing the latest research findings about the software security posture of public companies.