It is becoming clear that the prevailing piecemeal approach to security is no longer sufficient to thwart increasingly sophisticated attacks. Gaps in coverage provide possible entry points, blended attacks in several sectors can mask the actual threat, and sophisticated attacks involving multiple targets and approaches can find their way around many current defenses. Interest is growing in unified threat management (UTM) for small to medium-sized businesses, which centralizes all network intrusion response in a single device, and next-generation firewalls (NGFs), which defend against most of the same things but are aimed at the enterprise. Although some currently define these as separate product areas, major vendors are now providing this form of protection as a continuum. Read more
Insight into the information security and privacy issues enterprises grapple with.
We’ve been rounding up Dennises lately: Dennis Adams and Dennis Hogarth have joined our team of expert consultants. But along with the Dennises, we welcome Nancy Williams, Murray Cantor and Don MacIntyre. Dennis Adams is a long time Cutter contributor. He’s frequently presented the academic viewpoint for Cutter Benchmark Review. (If you’re not familiar with CBR, it partners academics and practitioners who co-write a survey, analyze the data, and then write opinion pieces — influenced by their academic/practitioner perspective — that are based on the findings. Looking at an issue or technology from both an academic and practical perspective gives CBR readers the 360 view they won’t otherwise see.) Now Dennis will add his expertise Read more
It took home improvement retailing giant Home Depot about a week before it finally confirmed it had suffered a data breach. Home Depot first reported the possibility of a breach on 2 September 2014, but did not actually confirm the hacking until 8 September. During that time, the company made somewhat vague statements that it was still carrying out an investigation to determine whether or not its systems had actually been compromised. Based on the company’s recent press release confirming the breach (see “The Home Depot Provides Update on Breach Investigation“), it appears that Home Depot’s internal IT security team was unaware that its payment data systems had been compromised. Instead, it looks as if Read more
There are very few more pressing issues in management today than cyber security. Notice that I didn’t say IT management; I said management. When the hacking of a major US retailer (Target) leads to the loss of billions of dollars in stock value and sales and the removal of not only the CSO, but the CIO and ultimately the CEO as well, stockholders, investors, and customers take notice. Organizations worldwide depend increasingly on information and communications technology to operate and manage 24/7/365, and wireless devices, BYOD, social media, and the like all combine to make the jobs of those responsible for cyber security exponentially more difficult. Like the Dutch boy and the dike, security people worldwide have Read more
As mobile computing has made sophisticated, digitally-mediated interactions possible in both personal/consumer and business-like capacities (BYOD) – the market and the challenges associated with it have exploded. Taking a step back to when the technologies that underpin mobile computing and networking were developed, it was assumed that each user had some level of expertise, that the use cases were quite limited in scope, and that the overall numbers of users were constrained. Fast-forward to present day, the massive scale of mobile computing adoption, the broad scope of supported use cases, and the “naive” user base has created a number of serious issues that the IT industry must grapple with now. Chief among these problems is Read more
If one listed the top technology concerns for CIOs and CEOs around the world, cybersecurity has to be right at the top. Over the last year, serious data breaches have been increasingly common. Perhaps the most publicized was the one that occurred at Target during the Christmas season last winter. Millions of customers’ credit information was disclosed and Target did not discover/acknowledge the breach for nearly three weeks. The ensuing scandal cost the CSO, CIO and eventually the CEO their jobs and the company hundreds of millions of dollars in lost sales and in falling stock prices. Recently, EBay’s PayPal subsidiary disclosed that it had been broken into in February 2014 and the breach was Read more
The ongoing IRS scandal, in which various groups were targeted according to keywords such as “tea party” in the search for infractions, has important lessons for emerging big data techniques. Because analytics based on huge amounts of streaming social data linked with demographics provide the possibility of creating social profiles, a door has been opened for new types of abuse that may create invisible legal issues. Profiling has always been problematic, but it has generally been overt, and the result of a conscious decision. Invisible social profiles, on the other hand, might not even be fully understood by the analyst. The IRS example is fairly primitive, and is actually at least partly a response to Read more