This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Recently I was engaged by a large corporation for a writing project to support a product launch. This project had a small team of people who needed to collaborate on developing some promotional materials using content that had to remain confidential until launch day.The company was so protective of the content's secrecy that it provided me with a company-issued laptop computer, VPN access to their network, and a login ID for their network. In particular, I was given behind-the-firewall access to the SharePoint repository where the in-progress documents were kept. This way I was fully integrated into the internal team for the duration of the project, and the confidential documents would never have to leave the safety of the company's network.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. In a nod to the benefits of containers, the financial services giant Goldman Sachs Group has announced it's in the midst of a year-long project to move 90% of its software into containers. The shift involves some 5,000 applications as well as the firm's software infrastructure.As reported in The Wall Street Journal, Don Duet, the co-head of Goldman Sachs' technology division, says this move will create a better software environment for his company. The staff of more than 8,000 software developers can focus on creating new products and tools, while the runtime process is automated, thus reducing labor and infrastructure costs. In addition, the use of containers will create standards for packaging and distributing different kinds of software.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. The Ponemon Institute published a report called The Cost of Malware Containment that reveals some interesting statistics—none of which will surprise the people in the trenches who work hard every day to protect their organizations' networks.Ponemon surveyed 630 IT and IT security practitioners who have responsibility for detecting, evaluating and/or containing malware infections within their organization. According to the research, organizations receive an average of nearly 17,000 malware alerts a week. Of these, fewer than 20% (3,218) are considered reliable, meaning the malware poses a genuine threat and should be investigated. And even though more than 3,200 alerts are worthy of investigation, only 4% (705) actually do get investigated.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. The Ponemon Institute published a report called The Cost of Malware Containment that reveals some interesting statistics—none of which will surprise the people in the trenches who work hard every day to protect their organizations' networks.Ponemon surveyed 630 IT and IT security practitioners who have responsibility for detecting, evaluating and/or containing malware infections within their organization. According to the research, organizations receive an average of nearly 17,000 malware alerts a week. Of these, fewer than 20% (3,218) are considered reliable, meaning the malware poses a genuine threat and should be investigated. And even though more than 3,200 alerts are worthy of investigation, only 4% (705) actually do get investigated.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. If you want to get some insight to the trends of mobility in the enterprise, the guy to talk to is Ojas Rege, vice president of strategy for MobileIron. I caught up with him recently and he talked about four major trends that will have a big impact in the years ahead.The first trend is what is happening from the application security perspective. Enterprises started to get interested in mobile apps about five or six years ago. The larger screen real estate of the Apple iPad really opened companies' eyes to what could be done with mobile apps. The earliest applications were rather ad hoc, usually project-based. Then organizations began building apps around their business workflow, and security became a bigger issue.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Cyber attackers use deception to try to get inside your network by doing everything from spoofing email addresses in spear phishing attacks to hiding malware on legitimate websites. So, if deception is standard operating procedure for the bad guys, perhaps it's time to fight back with some deception of your own. In fact, Gartner says it's a good complement to your existing security infrastructure.Deception technology designed to lure and trap malicious actors has been around since at least 1999 when Lance Spitzner, founder of the Honeynet Project, published a paper on how to build a honeypot. Early honeynets were pretty resource intensive and they had to be maintained to ensure the honeynet wasn't turned against the host organization. Since then, the advent of virtual machines has helped ease the deployment and use of deception technology.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Cyber attackers use deception to try to get inside your network by doing everything from spoofing email addresses in spear phishing attacks to hiding malware on legitimate websites. So, if deception is standard operating procedure for the bad guys, perhaps it's time to fight back with some deception of your own. In fact, Gartner says it's a good complement to your existing security infrastructure.Deception technology designed to lure and trap malicious actors has been around since at least 1999 when Lance Spitzner, founder of the Honeynet Project, published a paper on how to build a honeypot. Early honeynets were pretty resource intensive and they had to be maintained to ensure the honeynet wasn't turned against the host organization. Since then, the advent of virtual machines has helped ease the deployment and use of deception technology.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. You know it's bad when a cyber crime wave makes victims out of U.S. police departments. Law enforcement agencies in at least seven states have been blackmailed by cyber attackers using ransomware. Data on departmental computers has been encrypted by malware and held hostage, with the demand that a ransom be paid in bitcoins. Unaccustomed to giving in to criminals, many of the agencies refused to pay and subsequently lost access to their information forever.Cyber criminals also have been targeting U.S. hospitals. In one high profile case, a California hospital lost access to its critical patient records for a week until a ransom worth about $17,000 was paid. Experts estimate this particular facility was losing as much as $100,000 a day in just one department because it wasn't able to perform CT scans without access to its data.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. You know it's bad when a cyber crime wave makes victims out of U.S. police departments. Law enforcement agencies in at least seven states have been blackmailed by cyber attackers using ransomware. Data on departmental computers has been encrypted by malware and held hostage, with the demand that a ransom be paid in bitcoins. Unaccustomed to giving in to criminals, many of the agencies refused to pay and subsequently lost access to their information forever.Cyber criminals also have been targeting U.S. hospitals. In one high profile case, a California hospital lost access to its critical patient records for a week until a ransom worth about $17,000 was paid. Experts estimate this particular facility was losing as much as $100,000 a day in just one department because it wasn't able to perform CT scans without access to its data.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Last year the world watched in awe as NASA's New Horizons spacecraft sent stunning pictures of Pluto back to Earth. New Horizons had traveled 3 billion miles across the solar system over a decade's time to make its closest approach to Pluto—about 7,750 miles above the surface. That's roughly the same distance from New York to Mumbai, India.This is quite an impressive scientific achievement. But what if one small bug in the navigation software had sent the spacecraft millions of miles off course? Instead of viewing the mesmerizing Pluto terrain nicknamed "the heart," disappointed NASA scientists would instead be looking at a whole lot of black nothingness. To ensure that nothing like that happens, NASA engineers use a methodology called formal verification to validate every possibility in the spacecraft's software code.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Last year the world watched in awe as NASA's New Horizons spacecraft sent stunning pictures of Pluto back to Earth. New Horizons had traveled 3 billion miles across the solar system over a decade's time to make its closest approach to Pluto—about 7,750 miles above the surface. That's roughly the same distance from New York to Mumbai, India.This is quite an impressive scientific achievement. But what if one small bug in the navigation software had sent the spacecraft millions of miles off course? Instead of viewing the mesmerizing Pluto terrain nicknamed "the heart," disappointed NASA scientists would instead be looking at a whole lot of black nothingness. To ensure that nothing like that happens, NASA engineers use a methodology called formal verification to validate every possibility in the spacecraft's software code.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
Last year the Federal Financial Institutions Examination Council (FFIEC) issued a statement to notify financial institutions about the growing trend of cyber attacks designed to steal online credentials. While this is certainly a big issue for banks and credit unions, concern about stolen credentials extends far beyond the financial services industry. Basically any organization with valuable data is at risk of an attack initiated with seemingly legitimate credentials.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
Last year the Federal Financial Institutions Examination Council (FFIEC) issued a statement to notify financial institutions about the growing trend of cyber attacks designed to steal online credentials. While this is certainly a big issue for banks and credit unions, concern about stolen credentials extends far beyond the financial services industry. Basically any organization with valuable data is at risk of an attack initiated with seemingly legitimate credentials.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. If you happen to be driving around California roads this summer, don't be surprised if a car with no driver pulls up next to you at an intersection. Google expects to be road-testing its prototype of a driverless car soon. If all goes well with this and other tests, BI Intelligence believes there could be 10 million cars with self-driving features on our roads by 2020.Fully autonomous cars – those that don't need any interaction at all from a driver, like Google's – still seem futuristic to most of us, but there are plenty of semi-autonomous cars sharing our roads today. This latter category includes all sorts of features to increase safety and convenience, everything from lane-keeping assist systems designed to keep a car in an open lane, to adaptive cruise control that matches the car's speed to that of the vehicle ahead,To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. If you happen to be driving around California roads this summer, don't be surprised if a car with no driver pulls up next to you at an intersection. Google expects to be road-testing its prototype of a driverless car soon. If all goes well with this and other tests, BI Intelligence believes there could be 10 million cars with self-driving features on our roads by 2020.Fully autonomous cars – those that don't need any interaction at all from a driver, like Google's – still seem futuristic to most of us, but there are plenty of semi-autonomous cars sharing our roads today. This latter category includes all sorts of features to increase safety and convenience, everything from lane-keeping assist systems designed to keep a car in an open lane, to adaptive cruise control that matches the car's speed to that of the vehicle ahead,To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. The number of new malware variations that pop up each day runs somewhere between 390,000 (according to AV-TEST Institute) and one million (according to Symantec Corporation). These are new strains of malware that have not been seen in the wild before.Even if we consider just the low end figure, the situation is still dire. Especially when it comes to advanced persistent threats (APTs), which are the most sophisticated mutations of viruses and malware, which are very effective at going completely undetected by many of the cybersecurity technologies in use today. Even security experts tell organizations to be prepared for "when" and not "if" an attack is successful.To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. It's easier than ever for a malicious actor to launch a DDoS attack against practically any target in the world. Groups like Lizard Squad sell DDoS-as-a-Service for only a few dollars per hour. Some attackers won’t end their attacks until a Bitcoin ransom is paid. Consequently, there are now more attacks on more organizations worldwide than ever before. Akamai recently reported a year-over-year increase of 180% in the number of attacks it saw through its network.Not only are attacks becoming more frequent, they are getting larger, too. Some recent attacks have exceeded 200 million packets per second (Mpps). An event of this size is sufficient to bring down a tier 1 router, the kind often used by Internet Service Providers (ISPs).To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. It's easier than ever for a malicious actor to launch a DDoS attack against practically any target in the world. Groups like Lizard Squad sell DDoS-as-a-Service for only a few dollars per hour. Some attackers won’t end their attacks until a Bitcoin ransom is paid. Consequently, there are now more attacks on more organizations worldwide than ever before. Akamai recently reported a year-over-year increase of 180% in the number of attacks it saw through its network.Not only are attacks becoming more frequent, they are getting larger, too. Some recent attacks have exceeded 200 million packets per second (Mpps). An event of this size is sufficient to bring down a tier 1 router, the kind often used by Internet Service Providers (ISPs).To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. In October 2012, then-U.S. Secretary of Defense Leon Panetta gave a speech in which he warned that the United States was facing the possibility of a “cyber Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government. According to Panetta, the nation's adversaries have been acquiring technologies that could allow an aggressor nation or extremist group to gain control of critical infrastructure. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”To read this article in full or to leave a comment, please click here
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. If I brought up the term "mobility management" you'd probably think I was talking about BYOD and managing how workers can securely access applications and data via their smart phones. That's the aspect of mobility that IT usually has to deal with. But there's also an administrative aspect to mobility management that can be a real pain – and a big expense – for companies if it's not done well.I'm referring to the contract management aspect of company-provided mobile devices. Companies that pay for their employees' device contracts through expense reports are missing an opportunity to reduce administrative hassles and save quite a bit of money.To read this article in full or to leave a comment, please click here