Archive for the ‘IT’ Category

Security Outsourcing Gains as Companies Seek Expertise

Tuesday, March 24th, 2009

By Neil Roiter. Senior Technology Editor, Information Security magazine
23 Mar 2009 | SearchSecurity.com

securityMore than 60% of midsized and large enterprises in the U.S. and Western Europe are either outsourcing or considering outsourcing at least part of their security operations, according to a recent survey.

The Symantec survey of 1,000 companies with a median size of 10,000 to 25,000 employees showed that about a quarter were now using managed security service providers (MSSPs) or some other form of outsourced security. Another third are either evaluating outsourced security or plan to do so over the next 12 months.

Dollars and head counts don’t tell the whole story, however. Many companies reported difficult finding and hiring people with the required security skill sets. Accordingly, nearly half the respondents cited access to expertise as a reason to adopt or evaluate outsourcing.

The findings mirror Symantec’s own experience, says Grant Geyer, vice president of managed services at Symantec.

 ”Customers come to us for three reasons,” Geyer said. “They don’t have staff or expertise to handle security in house; they have the staff, but want to keep them focused on more strategic projects; or they have had a breach, have a gap identified and quickly need to shore up the walls.”

 Not surprisingly, reducing overall costs and mitigating security risks were also frequently cited reasons for outsourcing. Enterprises also cited (in descending order) predictability in expenses, the burden of regulatory requirements, focusing in-house IT resources on the core business and easing staffing challenges.

Image source: http://www.conexio.com

Tags: , , , , ,
Posted in General Corporate Asset Protection, IT, Information Security | No Comments »

Senator’s computers hacked!

Monday, March 23rd, 2009

Bill_nelsonxlarge” Cyber-invaders.”  That’s what Sen. Bill Nelson (D-Fla.) calls the hackers who have already twice this month broken into two PC workstations used by several of his key staff members.

Although no classified information was kept on the breached PCs, the break-in demonstrates system vulnerabilities at the highest levels of government.

In fact, Nelson says similar breaches on Capitol Hill computer networks are on the rise in recent months, based on reports from various Capitol Hill IS offices.

“The threat to our national security, to be sure, is real; and, it will require significant investment and inter-agency coordination at an unprecedented level to gain an upper hand against would-be cyber criminals and spies,” Nelson said in a statement. “These are anxious days, when you consider the threat from such espionage facing our country and recent developments on this front.”

These and other more serious breaches have led Nelson, along with Sen. Jay Rockefeller, D-W.Va. and Sen. Olympia Snowe, R-Maine, to call for the creation of a permanent national “cyber-security czar” reporting directly to President Obama. The threee Senators have begun drafting legislation that, if passed, will require federal oversight and review of both government and “critical private networks,” and create a “public-private clearinghouse for cyber threat and vulnerability information-sharing.”

Furthermore, another group of security and privacy experts has requested that President Obama create a federal library of data breach information in their report titled, The Perfect Storm: Why the New Administration Cannot Ignore Identity Theft.

Nelson’s call for tougher U.S. cybersecurity oversight comes less than two weeks before management consultant Melissa Hathaway is due to deliver the results of her 60-day review of current U.S. cybersecurity policy to President Obama.

Photo: Nelson (Tim Dillon/USA TODAY)

Tags: , , , , , ,
Posted in General Corporate Asset Protection, IT, Information Security | No Comments »

Defense Firms seek Cyber Security Assignments

Wednesday, March 18th, 2009

According to an article in today’s Wall Street Journal, “U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.”

Annual U.S. losses from cyber breaches are estimated to be in the billions of dollars, and there is legitimate concern that a nuclear power plant or subway line could be hacked via the Internet; or data being breached at the nation’s larger financial firms.

dilbert_data_security1According to the WSJ, “Anticipating the demand, defense companies are bolstering training, buying smaller firms and hiring former top government officials. The move into the cyber-security field could offer new revenue streams for the contractors and help offset declines stemming from budget pressures on the Defense Department’s traditional weapons systems.”

However, third-party contractors also need to watch their own network security, said Tom Kellermann, a vice president at Core Security Technologies, citing a Verizon report last year that found 39% of cyber breaches implicated contractors and other third parties.

The bottom line is that, in order to provide true value in the cyber security arena, Government Contractors must not only provide technology solutions, but also ongoing training and education.

After all, “technology tends to be a reactive measure… Technology is a great thing once we’ve understood the processes, policies, and procedures that we want to use… but you can’t start with technology… If you [do], you’re bound to fail”- John Pironti, BankInfoSecurity Interview, 11/6/07.

Tags: , , , , , , ,
Posted in General Corporate Asset Protection, IT, Information Security | No Comments »

New Insider Threat Emerges in the New Economy

Tuesday, March 17th, 2009

In today’s SecurityWire, sent out by SearchSecurityLumension’s new Whitepaper speaks to the costs of malicious insiders. Excerpts from the white paper support that pairing ongoing training with technology solutions is more effective than technology alone when it comes to minimizing insider threats:

photo source: www.kval.com

photo source: www.kval.com

“Whether an insider steals information for financial gain or simply leaves the organization open to a breach due to sloppy practices, the risks are costly to an organization. According to analysts with Forrester Research, the typical data breach can cost a company between $90 and $305 per lost record

“According to the Internet Threat Resource Center, 24 percent of all data breaches that hit financial institutions in 2008 were caused by insider threat. Similarly, 20 percent of government breaches and 16 percent of other business breaches were caused by internal attacks…

“In order to neutralize the threats posed by insiders, IT departments must take away the means and the opportunities to commit crimes. By creating strategic policies and by automating the monitoring, enforcement and reporting of those policies, organizations can understand how employees and partners are engaging with IT assets and intellectual property.”

Tags: , , , , , , , ,
Posted in General Corporate Asset Protection, IT, Information Security | No Comments »