Weekly News Roundup 7/13/2012
The demand for security professionals is looking to surge: “Ease the Need for IT Security Pros by Writing More Secure Code” by Thor Olavsrud. Today there are about 2.2 million people working as information security professionals; that number is expected to almost double to 4.25 million by 2015, and that still may not be enough to meet the demand. So while finding a qualified IT security professional may be difficult, preventing breaches in the meantime isn’t. Hord Tipton, executive officer for security education and credentialing firm (ISC)2, says that executives need to make writing secure code a priority, and that they need to make sure that developers are trained for the task. Tipton asks the simple question, “Why are companies still producing software with vulnerabilities?” “The business looks for functionality, user friendliness,” Tipton says. “Security is an afterthought. People that are in the security portion of a company have a difficult time getting their recommendations in after the requirements are already set.” Veracode can help you vet your code and build more secure software with our cloud-based code scanning and testing tools.
$1 trillion has been spent globally on remediation: “NSA Chief Says Today’s Cyber Attacks Amount to ‘Greatest Transfer of Wealth in History’” by Anne Saita. U.S. Army General Keith B. Alexander stressed the importance of cybersecurity to an audience at the American Enterprise Institute in Washington on Monday. “Symantec placed the cost of IP theft to United States companies at $250 billion a year,” he said. “Global cybercrime at $114 billion – nearly $388 billion when you factor in downtime. And McAfee estimates that $1 trillion was spent globally on remediation. And that’s our future disappearing in front of us.” All these figures point to how important the upcoming cybersecurity legislation will be. Learn more about the evolving cyber legislation landscape from our webinar with Richard Clarke.
DNSChanger wasn’t as potent as everyone thought it would be: “Threat of DNSChanger Virus Passes, But Traps Abound” by Byron Acohido. No significant outages were reported at the beginning of this week when the FBI removed a safety net designed to protect approximately 577,000 Windows machines and shut down the servers that were used for DNSChanger. Of these, about 300,000 fewer were affected globally, and the virus has essentially become outdated, affecting only 0.01% of internet users.
DOD looking to develop rules of engagement for cyber warfare: “Cyber warfare: New battlefield, new rules” by Amber Corrin. With no rules whatsoever existing in the new domain of cyberspace, Defense Secretary Leon Panetta told the Senate Armed Services Committee, “I’m very concerned at the potential to be able to cripple our power grid, to be able to cripple our government systems, to be able to cripple our financial systems.” The path to establishing a set of rules is long and treacherous, however, as the Department of Defense, Homeland Security, the Justice Department, the State Department, and the Commerce Department must all come together so decision makers can integrate the new cyber laws with existing frameworks and initiatives. Not to mention, there is the task of defining what exactly an act of cyber war is. Find out how secure public companies are and what risks they face because of their weaknesses in our webinar on the vulnerability of publicly traded companies.
It’s cool to have a keyless BMW, until you no longer have a keyless BMW: “Hackers steal keyless BMW in under 3 minutes (with video)” by Emil Protalinski. As BMW has officially acknowledged, thieves have been able to steal a large number of BMWs in the UK without setting off a single alarm or activating any immobilizers. To accomplish this task, hackers are able to take advantage of a number of security flaws. No sensor is triggered when the thieves break the driver’s side window to access the interior, because the ultrasonic sensor has a blind spot just in front of the On-Board Diagnostic (OBD) port. The OBD port itself is constantly powered, even when no key is present, and requires no password.