David Geer

Author Archives: David Geer

Are vendors on the wrong path where smart plant security is concerned?

As the number of smart plants that use M2M, sensors, and other ICT continues to rise, so too does the lure for attackers. Manufacturing, energy, and utilities sectors are reportedly spending a combined 206.51 billion Euros globally on ICT in 2019, says Shuba Ramkumar, senior research analyst, Frost & Sullivan. Organizations are connecting systems to the Internet that they once kept purposely siloed for safety. “Smart plants face new challenges due to the ever-expanding connectivity of their control systems as they link into and rely on business operations and remote monitoring and management,” says Graham Speake, lead trainer at the SANS Institute and a 30-year cyber security industry veteran.

How to identify and thwart insider threats

It is often cited that an enterprise’s employees are its biggest vulnerability. What are companies doing about it? In a significant number of cases, companies are perhaps doing nothing. According to the SANS Institute and SpectorSoft, 74 percent of the 772 IT security professionals they recently surveyed are “concerned about malicious employees.” The survey pool spans 10 industries including financial, government, and technology and IT services. The survey data also shows that 32 percent of respondents “have no technology or process in place to prevent an insider attack”.

Keep these cybersecurity holidays marked on your calendar

It’s no happy day for enterprises when cyber thugs celebrate their favorite ‘holidays’—special days when they attack with even more cunning and fervor. Learn these days and get ready to respond to related exploitations. Software Support Retirement / End of Support Day. This is the date when support ends for any OS or software package. Unsupported software leaves enterprises open to attack. Because the vendor will no longer make general releases of security patches, each new hole attackers uncover will remain unpatched. To prepare for this day and defend the enterprise against such attacks, investigate the availability of extended support offered by the vendor at a premium. Weigh that cost against an investment in deploying the latest software product or version that replaces the older product. Either of these avenues is going to cost you.

Send attackers on a wild goose chase with deception technologies

Midsized companies with revenues from $100 million to $1 billion spent an average of $3 million on information security as of 2014 per “The Global State of Information Security Survey 2015” from PwC. “I promise you, bad guys are not spending $3 million to break into your organization,” says Allen Harper, chief hacker, Tangible Security. Still, information burglars are getting through. And since 92 percent of IT and security professionals surveyed globally use signature-based antivirus software on their servers, despite AV’s inability to stop advanced threats and targeted attacks, according to Bit9’s 2013 Server Security Survey, exploits such as zero-days, which have no signatures, give attackers the upper hand.

Attackers clone malware-laden copies of popular apps

Criminal hackers have hacked/cloned most of the top 100 paid apps and top 20 free apps for Android and iOS, according to data from Arxan’s State of Mobile App Security report, 2014. These attackers use the infected apps to gain entry to the enterprise in order to compromise its most treasured information. And with the movement toward doing networking in software, the ability to enable micro-segmentation to add policy-based traffic analysis and filters between any pair of endpoints is becoming an additional security option, which enterprises should consider.

Flappy apps give users the angry bird

Sadistic software switchers have been known to swap in malicious versions of these seven popular mobile apps.