2011 - The Year In Security So Far

2010 was a year filled with breaking news of big companies that had data breaches and exposed the personal data of millions. Who can forget the stories of companies like McDonald’s, Walgreens, and the AT&T iPad exposure? These are just a couple of the top stories from last year.

To date this year, cybercrime has absolutely outperformed last year. Criminals are breaching even more well-known and trusted companies, and getting away with even more data.

• Sony – Hackers stole over 100 million personal records from the Sony Online Entertainment system.
• RSA – Makers of security tokens, RSA, had their SecurID devices compromised as the results of a security breach. The company provides security tokens to 25,000 organizations and an estimated 40 million people use the tokens.
• Some of the information collected in the breach was used as an element of an attempted attack on Lockheed Martin.
• Epsilon – We wrote a previous blog post about the breach at Epsilon, the company that handles email communications for over 2,500 companies including Best Buy, Capital One, JP Morgan, TiVo, US Bank, and more.
• Other companies or organizations that have been hacked this year so far include:
• NASA’s Goddard Space Flight Center, who lost confidential satellite data
• InfraGard, a FBI affiliate
• European Commission
• WordPress
• Trip Advisor
• The Institute of Electrical and Electronics Engineers (EEE)
• Gawker Media
• Trapster
• The Pentagon’s official credit union

Securitynewsdaily.com reports that the experts are concerned that companies, small and large, aren’t taking security seriously enough. They also foresee the trend only getting worse until companies start making changes. Cyber criminals are choosing companies with weak security and prey on their weakness. Ondrej Krehel, information security officer for Identity Theft 911, says that companies that have switched to less expensive data storage solutions, "such as cloud computing," may have erred on the side of convenience and left themselves vulnerable in the process.

A first step in the right direction for enterprises, commercial banks, and other organizations is to invest in SafeCentral’s WebProtection™ to make sure VDIs and cloud services connections are secure and that the endpoint data is safe.

SafeCentral’s WebProtection™ is a one-time install application that actually assumes that your machine is already infected with malware and ensures that the information on your computer stays secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Learn more about how it actually works and how it keeps your information safe at www.SafeCentral.com.

SafeCentral Quoted in Processor Magazine

Processor Magazine ran a great feature in their February 25, 2011 issue named “Boost Your Enterprise Security”. The article discussed different threats to today’s enterprise security structures and what steps enterprises can take to prevent breaches and malicious infiltration. Several experts within the security industry including our own, CTO Ray Dickenson, contributed to the article.

The article covers several areas within security including the importance of keeping processes and policies up-to-date and that these processes are continuously updated as elements such as new staff, applications and threats that have an impact on the environment changes. One of the experts interviewed in the article also points out that it is imperative to have action plans in place so that if something does happen, the damage can be minimized and problems can be handled efficiently.

Other preventative measures enterprises can take as recommended in the article include creating a full-time high-level security position that can create or manage a security program for the entire organization; carefully monitor and control the use of portable devices; perform regular penetration testing of external and internal systems, possibly using an outside team rather than the standard IT staff; and using behavior profiling or key metrics such as privileged user activity, after-hours access, network traffic, policy changes, etc. Another great suggestion is that enterprises can use some of their existing solutions and repurpose as security solutions, such as network based anomaly detection.

The top tip discussed in the article is to address mobile devices. SafeCentral’s Chief Technology Officer, Ray Dickenson, stated that mobile devices part of any enterprise’s security realm regardless of their security policies and it’s a good idea not to ignore their presence. He goes on to urge enterprises to update network policies and employee handbooks to include the use of portable devices, explaining how and when employees can connect to, store, and forward corporate data. It is most important that employees know to never leave data behind on a device that is discarded.

To read the full Processor Magazine article and more of Ray’s quote, download and read it here: http://www.processor.com/editorial/article.asp?Article=articles/p3304/20p04/20p04.asp&GUID=.