Corporate IT security

  • CybersecurityInternet security market to reach $42.8 billion globally by 2020

    According to a new report by Allied Market Research, the global Internet security market is expected to reach $42.8 billion by 2020, registering a CAGR of 8.1 percent during 2014-2020. The market, driven by demand for software solutions, would experience a shift toward the adoption of cloud-based systems. About 80 percent of the top companies today identify with cloud-based security services which have become a prominent market trend.

  • CybersecurityMore companies adopt active defense to thwart hackers

    Some U.S. companies are beginningto counter-hack cybercriminals by using intelligence shared within industry circles. Federal officials have not openly endorsed active defense, but measures like tricking hackers into stealing fake sensitive data, then tracking its movements through the Web, are gaining support. Some firms have gone as far as hacking alleged criminals’ servers. “The government is giving ground silently and bit by bit on this [active defense] by being more open,” said former National Security Agencygeneral counsel Stewart Baker. “I have a strong sense from everything I’ve heard. . . that they’re much more willing to help companies that want to do this.”

  • CybersecurityU.S. government networks vulnerable despite billons spent on protecting them

    Experts say that cybersecurity has leaped over terrorism as the top threat to U.S. security, and with the awareness of the threat comes funding better to secure government systems. There are currently 90,000 information technology security professionals working for the government, 33 percent of them are contractors. The federal government is projected to hire more cyber professionals and spend $65 billion on cybersecurity contracts between 2015 and 2020, but today, federal cybersecurity officials are still struggling to keep sensitive data from hackers and cyber criminals. Some have warned of a “Cyber Pearl Harbor” — but Pearl Harbor was a surprise. No one in business or government today can continue to plead surprise when it comes to the possibility of cyberattack.

  • CybersecurityInformation sharing is key in responding to cyberattacks

    Time is not your friend when your information systems are under cyberattack, but sharing threat information before, during, and after an attack with a trusted group of peers can help. Not only does it alert the other members of your community to a potential attack, it can provide critical actionable information to speed and bolster your own defenses. Participating in a formal information sharing group can greatly enhance an organization’s cybersecurity capabilities.

  • CybersecurityThe best cyberdefense is cyber offense, some experts say

    In response to the surge in cyberattacks against the U.S. private sector, some firms are exploring “active defense” measures which they hope will send a message to hackers.Some cyber analysts say tougher defense will not deter new cyberattacks, and some sort of offensive action is needed. “I think you are morally justified for sure” in taking such actions, a former high DHS official says. “And I think the probability of being prosecuted is very low.” If a firm locates its stolen data and is capable of recovering it, “they would be crazy not to.”

  • CybersecurityBanks collaborate to thwart cybercrime

    The Financial Services Information Sharing and Analysis Center (FS-ISAC), a cybersecurity information sharing group, has teamed up with the Depository Trust & Clearing Corporation to form Soltra. Named after a series of fire signals that were used in Europe hundreds of years ago to warn against invaders, the organization alerts member banks of incoming or potential cyber threats.

  • Security businessSecurity contractor USIS failed to notice months-long hacking of its computer systems

    A new report reveals that the cyberattack on security contractor USIS, similar to previous attacks by Chinese government hackers on U.S. firms, was infiltrating USIS computer systems for months before the company noticed. The breach, first revealed publicly by the company and the Office of Personnel Management(OPM) in August, compromised the records of at least 25,000 DHS employees.

  • CybercrimeContactless cards fail to recognize foreign currency

    New research has highlighted a “glitch” in the Visa system which means their contactless cards will approve foreign currency transactions of up to 999,999.99 in any foreign currency. Side-stepping the £20 contactless limit, transactions can be carried out while the card is still in the victim’s pocket or bag. Transactions are carried out offline, avoiding any additional security checks by the bank, and although the current system requires the credit card to authenticate itself, there is currently no requirement for the POS (point of sale) terminal to do the same.

  • CybersecurityGeorgia Tech releases 2015 Emerging Cyber Threats Report

    In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.

  • Cyber insuranceSurge in cyberattacks drives growth in cybersecurity insurance

    More than 3,000 American businesses were hacked in 2013, many of them small and mid-size firms without cybersecurity insurance. That surge in cyberattacks has led to a growing cybersecurity industry, with firms offering products and solutions to secure network systems. Insurance companies are also claiming their stake in the booming industry. Today, roughly fifty U.S. companies offer cybersecurity insurance. American businesses will spend up to $2 billion on cyber-insurance premiums this year, a 67 percent increase from the $1.2 billion spent in 2013.

  • CybersecurityNew cyber initiative to put Israel’s Beer-Sheva region on the world’s cyber map

    Ben-Gurion University of the Negev is a central component of the new CyberSpark initiative, an ecosystem with all the components which will allow it to attain a position of global leadership in the cyber field. The CyberSpark initiative is the only complex of its type in the world – a government-academic-industry partnership which includes Fortune 500 companies and cyber-incubators, academic researchers and educational facilities, as well as national government and security agencies. The CyberSpark Industry Initiative will serve as a coordinating body for joint cyber industry activities with government agencies, the Israel Defense Force (IDF), and academia.

  • CybersecurityNew approach to computer security: Wrist-bracelet

    In a big step for securing critical information systems, such as medical records in clinical settings, researchers have created a new approach to computer security that authenticates users continuously while they are using a terminal and automatically logs them out when they leave or when someone else steps in to use their terminal. The approach, called Zero-Effort Bilateral Recurring Authentication, or ZEBRA, requires the user to wear a bracelet with a built-in accelerometer, gyroscope, and radio on his or her dominant wrist; such bracelets are commonly sold as fitness devices. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal.

  • CybersecurityA tool helps malware identification in smartphones

    With the massive sales of smartphones in recent years (more than personal computers in all of their history), malware developers have focused their interest on these platforms. The amount of malware is constantly increasing and it is becoming more intelligent. Researchers have developed a tool to help security analysts protect markets and users from malware. This system allows a large number of apps to be analyzed in order to determine the malware’s origins and family.

  • Cyberattack insuranceEnergy companies slow to buy cyberdamage insurance

    The U.S. oil industry will spend $1.87 billion on cybersecurity defense systems by 2018, but less than 20 percent of U.S. companies overall are covered for cyberdamages. “Imagine what could happen if a large refinery or petrochemical facility’s safety monitoring systems were hijacked near an urban area, or a subsea control module was no longer able to be controlled by the people who should be controlling it,” says one expert. “As we’ve all seen from Deepwater Horizon [the 2010 BP Gulf oil spill] those risks and damages can be astronomical. It requires an immediate response.”

  • CybersecurityFinancial firms go beyond NIST's cybersecurity framework

    The National Institute of Standards and Technology(NIST) released its Framework for Improving Critical Infrastructure Cybersecurityin February 2014. Utilities, banks, and other critical industries welcomed the guidelines, but many considered the framework to be a baseline for what was needed to continuously protect their networks from cyberattacks. Some financial firms have developed industry-based cyber policies through association such as the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) Third Party Software Security Working Group. The group has been reviewing cyber policies since 2012, before the NIST guidelines were finalized.