Security Breach Roundup: From Human Error to Well-hidden Malware, There’s No Shortage of Threats

This month we’ve got four stories that neatly sum up the challenges IT security professionals face in their attempts to protect corporate data. They include a mix of breaches caused by human error, a lack of encryption, and some cleverly disguised malware. Two States Suffer Medicaid-related Security Breaches This headline from an InformationWeek story pretty much says it all: “2 Medicaid Data Breaches, 1 Weak Link: Employees.” Here’s the story of the latest Medicaid-related breach: The South Carolina Department of Health and Human Services (SCDHHS) discovered on April 10 that an employee of the state’s Medicaid program had transferred personal… Continue Reading ›
Unified Threat Management: Strong IT Security Tools for SMBs

In a brief discussion the other day with our partner Fortinet, we learned that they had recently received the top marks in the Gartner report on the Unified Threat Management marketplace. Not that we were all that surprised; Fortinet has been a leading voice and vendor in IT Security since their inception. A key reason is that small and midsize businesses face the same security threats as large enterprises but are at a distinct disadvantage in terms of being able to defend themselves, since they don’t typically have the budget to spend on security experts. What they need is… Continue Reading ›
Security Breach Roundup: A Heavy Dose of Scary Security Facts and Suppositions

We’re taking a slightly different tack than usual with this month’s security breach report by focusing on a couple of security studies and an interview with a high-profile security expert, although we will report on one high-profile breach at a certain U.S. space agency. Clarke Asserts China Has Hacked Every Major U.S. Company After reading this first item it’s tempting to just stop doing these roundups and make a simple declaration: everyone’s been breached. We can stop counting. But the warning from Richard Clarke, a former terrorism, cybersecurity and cyberterrorism advisor for the White House, is quite serious, as reported… Continue Reading ›
Calls for Cooperation and Threats of Doom from RSA Conference

The week-long RSA Conference 2012 security confab wraps up in San Francisco today and after hearing several of the more than a dozen keynote speeches, two themes emerged: companies have to help each other deal with threats and getting hacked is now inevitable. Dealing with Threats Requires Close Cooperation In his opening keynote Art Coviello, Jr., Executive Chairman of RSA, was the first to call for more cooperation in sharing data about threats. Of course, RSA itself was the victim of a well-publicized attack last year, the result of a well-executed phishing attack. The sting of that attack was evident, and… Continue Reading ›
Security Breach Roundup: Short Month, Many Breaches
For this month’s security breach roundup we once again have some big names in the news and perhaps the best headline you’ll ever read in this roundup. A Six-Pack of Security Breaches I love it when others make my job easier, as the fine folks at Ars Technica have with this piece under the headline, “Breaches galore as Cryptome hacked to infect visitors with malware.” (And no, that’s not the gem referenced above; that comes later.) A breach that caused Cryptome.org to infect visitors with virulent malware was one of at least six attacks reported to hit high-profile sites or… Continue Reading ›
Effective Security Breach Response Takes Planning and Testing

IT Security breaches are in the news seemingly every day, at companies both large and small. (For evidence, look no further than our own monthly security breach roundups, such as this one and this one.) No company is immune from a potential security breach, so no company should be without a sound breach response plan. “It’s a little like a fire evacuation plan,” says Thorsten Behrens, lead IT security architect for Carousel Industries. “Don’t figure it out when the building’s on fire; do it beforehand.” We talked to Behrens to learn what a good security breach response plan should look… Continue Reading ›
IT Security Breach Roundup: Big Names and Big Numbers
It’s tough to decide where to start with the January IT Security Breach Roundup. We’ve got a major-league Internet retailer getting hacked (and sued), yet another security company suffering a breach and a large community college finding out malware has been collecting personal data – for more than a decade. Zappos Suffers Security Breach – and Promptly Gets Sued We’ll give top (dubious) honors to Zappos, given its high profile, many customers and the fact that it’s owned by Internet giant Amazon. As redOrbit reported on Jan. 16: Online clothing retailer Zappos.com announced to its 24 million customers in a… Continue Reading ›
Security Breach Roundup: Anonymous Strikes Again

For our final security breach roundup of 2011 we’ve got two breaches involving charitable giving and another involving the credit card industry. We’ll wrap up with some numbers and highlights of the year’s biggest security breaches. Robin Hood-like Hackers Breach Security Company Site In an attack reminiscent of the breach of the security firm RSA earlier this year, the hacker group Anonymous is claiming responsibility for a breach of the website of Stratfor Global Intelligence, a company that provides strategic intelligence on global business, economic, security and geopolitical affairs. Their intent, according to a story in The New York Times,… Continue Reading ›
Survey Points to Serious Issues with Firewall Management and Compliance

With the furious rise in cybercrime, well-maintained and audited network firewalls are a critical line of defense. However, firewalls are apparently spinning out of the control of IT, at least according to a recent survey by Tufin Technologies, which makes software for automating security processes. Given the source you are free to take the survey results with a grain of salt, but if there’s even a modicum of truth to the survey, it points to some real problems. Firewall change management is a sticking point For starters, 67% of the 100 network security professionals surveyed, all of whom… Continue Reading ›
Security Breach Roundup: From big names like Facebook to an Illinois water plant and – say it ain’t so – Santa’s workshop

November saw one high-profile company – Facebook – suffer a significant security breach while two other big names were accused of breaches but deny it. Also unclear is whether a public water utility in Illinois was breached, a case that raises the specter of some truly frightening scenarios. Finally, we’ve got a report on a security company with a sense of humor – just in time for the holidays. Facebook hack The Washington Post reports on how the Facebook hack came about: According to Facebook, users were somehow tricked into copying and pasting malicious code into their browser bars. Hackers… Continue Reading ›