Corporate IT security

  • Cybersecurity: Businesses looking to bolster cybersecurity

    Since the recent data breaches at retailers Target and Neiman Marcus, in which hackers stole millions of customers’ credit and debit card information, consumers have been urging card providers to offer more secure payment processors. Legislators have introduced the Data Security Act of 2014 to establish uniform requirements for businesses to protect and secure consumers’ electronic data. The bill will replace the many different, and often conflicting, state laws that govern data security and notification standards in the event of a data breach.

  • Heartbleed bug: How the Heartbleed bug reveals a flaw in online security

    By Robert Merkel

    The Heartbleed bug, which infects an extremely widespread piece of software called OpenSSL and has potentially exposed the personal and financial data of millions of people stored online, has also exposed a hole in the way some security software is developed and used. The Heartbleed bug represents a massive failure of risk analysis. OpenSSL’s design prioritizes performance over security, which probably no longer makes sense. But the bigger failure in risk analysis lies with the organizations which use OpenSSL and other software like it. A huge array of businesses, including very large IT businesses with the resources to act, did not take any steps in advance to mitigate the losses. They could have chosen to fund a replacement using more secure technologies, and they could have chosen to fund better auditing and testing of OpenSSL so that bugs such as this are caught before deployment. They didn’t do either, so they — and now we — wear the consequences, which likely far exceed the costs of mitigation.

  • Cybersecurity: Measuring smartphone malware infection rates

    Researchers show that infection rates in Android devices, at around 0.25 percent, are significantly higher than the previous independent estimate. They also developed a technique to identify devices infected with previously unknown malware.

  • Cybersecurity: Capabilities-based, rather than actuarial, risk analysis would make businesses safer

    Many businesses and organizations, when applying cost-benefit analysis and a risk-management analysis to measure cyber risk, are relying on the assumption that the likelihood of a future attack depends heavily on how many attacks have occurred in the past. Since there has yet to be a full-scale attack on critical infrastructure in the United States, it is simple to conclude that the risk of a cyberattack on critical infrastructure is low, therefore justifying low investment in additional security initiatives. An actuarial risk analysis may conclude that there is little likelihood of such an attack occurring, but a capabilities-based risk analysis recognizes that since adversaries are capable of such an attack, it is in an organization’s best interest to secure against it.

  • Cyber education: “Hacker schools” grow to meet growing demand for programmers

    The increasing demand for computer programmers in the job market has led to the growth of “hacker schools,” an alternative to traditional education that offers students a quicker, cheaper, and effective way to learn computer programming. Hacker schools do not offer certificates or diplomas; instead, they target students who currently have degrees in other fields but who want a career change.

  • Cybersecurity jobs: Washington, D.C. area leads nation in cybersecurity jobs

    The Washington, D.C. metropolitan area had more than 23,000 cybersecurity job postings in 2013, making the region the leading destination for cybersecurity jobs, followed by the New York metro area with 15,000 cybersecurity job postings in 2013. On a state-by-state basis, Virginia ranks second and Maryland ranks sixth, with Virginia reporting 25.1 cybersecurity job postings per 10,000 residents and Maryland posting 18.1 jobs per 10,000 residents.

  • Business: Blackstone to acquire Accuvant, an enterprise information security specialist

    Denver, Colorado-based Accuvant, a specialist in enterprise information security, has reached a definitive agreement under which Blackstone will acquire a majority stake in Accuvant as part of their private equity portfolio. The transaction is expected to close in April pending relevant regulatory approvals.

  • Cybersecurity: Platform for operating systems would outwit cyber criminals

    As smartphone use surges, consumers are just beginning to realize their devices are not quite as secure as they thought. A Swedish research team is working on a way to secure mobile operating systems so that consumers can be confident that their data is protected.

  • Infrastructure protection: Experts call for a new organization to oversee grid’s cybersecurity

    In 2013, U.S. critical infrastructure companies reported about 260 cyberattacks on their facilities to the federal government. Of these attacks, 59 percent occurred in the energy sector. A new report proposes that energy companies should create an industry-led organization to deflect cyber threats to the electric grid. Modeled after the nuclear industry’s Institute of Nuclear Power Operations, the proposed organization, to be called the Institute for Electric Grid Cybersecurity, would oversee all the energy industry players that could compromise the electric grid if they came under a cyberattack.

  • Cybersecurity: NIST’s voluntary cybersecurity framework may be regarded as de facto mandatory

    The National Institute of Standards and Technology’s (NIST) voluntary cybersecurity framework issued in February establishes best practices for companies that support critical infrastructure such as banking and energy. Experts now warn that recommendations included in the framework may be used by courts, regulators, and even consumers to hold institutions accountable for failures that could have been prevented if the cybersecurity framework had been fully implemented by the respective institution.

  • Cybersecurity education: University of Texas at San Antonio ranked top U.S. cybersecurity school

    The University of Texas at San Antonio (UTSA) ranks as the top school for cybersecurity courses and degree programs according to a Hewlett-Packard (HP)-sponsored survey of 1,958 certified IT security professionals. The school’s undergraduate and graduate programs received top marks for academic excellence and practical relevance.

  • Venture capital: CounterTack, developer of an end-point threat detection solution, closes out Series B funding at $15 million

    CounterTack, a developer of real-time endpoint threat detection solutions, has closed out its Series B financing round with an additional $3 million to complete a $15 million raise. With this extension, the Venture Capital unit of Siemens (SFS VC) joins CounterTack investors including Goldman Sachs, Fairhaven Capital, and a group of private financiers to fund an accelerated technology expansion and market delivery of CounterTack’s Sentinel platform.

  • Venture capital: CloudLock, a cloud security specialist, raises $16.5 million Series C round

    CloudLock, a cloud security specialist, has raised $16.5 million in a Series C funding round from new investor Bessemer Venture Partners, with participation from existing investors Cedar Fund and Ascent Venture Partners. The company says that 2013 saw continuing growth in adoption by cloud-bound organizations of the company’s people-centric security automation approach, with a pure SaaS content-aware and policy-based solution, by companies in different verticals, across multiple cloud platforms like Google Apps and Salesforce.

  • Cybersecurity: Skeptics doubt voluntary Cybersecurity Framework will achieve its goal

    The Framework for Improving Critical Infrastructure Cybersecurity, developed by NIST following Executive Order 13636 to promote cybersecurity, has been received with both support and skepticism from critical infrastructure industries. The 41-page document, put together by industry and government experts, offers guidelines on cybersecurity standards and best practices to critical infrastructure firms. It says its role is to be a complement to industries’ existing risk management practices. Skeptics say that without incentives, legislation, or enforcement, the guidelines will not be adopted. “The marketplace will punish any company that implements anything that could be considered excessive security, because it will increase their costs,” says an industry insider.

  • Cyberwarfare: Israeli defense company launches cybersecurity solutions section

    In recent months the Israel Aerospace Industries (IAI) has increased its cyberdefense-related activities. Esti Peshin, director of the company’s cyber section and a veteran of the IDF’s hush-hush sigint Unit 8200, says IAI is now developing solutions for clients in Israel and abroad. “We’re a start-up, but with the backing of a company that earns $3.5 billion a year,” she said. Ultimately, she implied, these defensive measures can be turned into offensive capabilities. “Intelligence is a subset of attack,” Peshin said. “This is, first of all, a national mission.”