Tuesday, August 9, 2011

Security Never Takes a Vacation

We’ve all seen the auto-out-of-office replies, ‘Thanks for your message but I’m out until I return – contact my boss/subordinate/someone else if you need or want anything.’  If you’ve emailed me over the last couple weeks, you’ve seen a similar note.  I took some time off, then participated in F5’s awesome Agility Conference for partners and customers and then took a few more days off.  I am challenged, like many of us, to avoid work, recharge and let the brain-drain occur while ‘out of the office.’  As humans, we need to escape from our daily grind to give the mind, body and soul a chance to recharge but I do try to keep informed about security stuff since I’m personally interested it. 

riffraffbuttonIT Security cannot ever take a vacation.  Imagine if you went to your favorite website and when you typed the URL, you got, ‘This website’s content is on vacation and will not be available this week.  It’s been working hard to keep you safe but needs a week to recuperate from blocking all those malicious types.’  Now certainly, we see similar messages when a site is down and most, if not all, websites have maintenance windows, but to put a site on vacation is unheard of and absurd.  The IT Security staff also needs time-off but their equipment and the sites they manage need to always be available, secure and performing at their peak.  The obvious reason is that riff-raff never takes a vacation nor does the need to protect against online threats.  There were a few stories that caught my eye over the last couple weeks.  

Of course there was the BlackHat and DEFCON conferences in Vegas and there has been a bunch of news stories surrounding these…and it’s about time. It has taken a while but Information Security is now covered almost daily in the mainstream media – probably due to the high profile attacks over the last couple years and certainly due to the rash of breaches over the last several months.  You can Meet Dark Tangent, the hacker behind Black Hat and DEF CON or understand why the Feds Turn To Hackers To Defend Nation In Cyberspace.  There were also articles covering DEF CON: The event that scares hackers and how to stay off the Wall of Sheep in one of the most dangerous places to use a computer along with Defcon: The lesson of Anonymous? Corporate security sucks where, as one InfoSec practitioner said, ‘It's no coincidence that hack insurance is up,’ and that ‘he'd heard at the conference that a major corporation laid off security staff and bought hack insurance instead.’   Another, Big companies need to train staff about security is something I’ve written about numerous times… there’s a fun one that looks at how Photos show the cultural difference between Black Hat and Defcon hacker events and…a real scary one that talks about how a Black hat hacker can remotely attack insulin pumps and kill people

There was interesting data coming from Lookout Inc, a mobile security vendor who released its 2011 Mobile Threat Report.  With mobile devices being the fastest growing consumer technology and many of those being used in corporate environments, the report is something to check out.  They review both iOS and Android based platforms along with the various threats whether they be Application-based, Web-based, Network based or simply physical loss.  Lots of data and graphs to absorb but worth a read.  As a side note, I use Lookout on my personal Blackberry and really like it.

A few others that caught my eye while travelling included hackers compromising various police agencies, including departments in Missouri and Arizona…that the Cost of Cybercrime is Soaring up 56% in a year – anywhere from $1.5 million to $36.5 million for the median cybercrime cost.  At least, those that did take proper preventative measures realized a 25% cost savings verses those that didn’t…folks are wondering if Facial-Recognition Software the Next Security Threat…and you know it’s bad when Hackers breach chocolate recipe on Hershey website.

Lastly, if you didn’t see it, The First Website Ever Celebrates Its 20th Birthday.  Welcome back.

ps

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, lookout, blackhat, cyber-threat, defcon, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

No comments:

Post a Comment