I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern: Cybersecurity is a high business and IT priority for most organizations. Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals:
While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% said they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security, 39% will in network security, 30% in endpoint security, and 29% in security analytics.
Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity,” and 39% said “improving information security.”
When asked which business initiatives will drive the most IT spending, 39% said “increasing cybersecurity,” the top selection of all.
When asked to identify the most important IT initiatives for this year, the number one answer was “strengthening cybersecurity controls and processes.”
For the sixth year in a row, survey respondents said cybersecurity is the area where
Every once in a while, something in China that sounds like it came out of a dystopian movie catches my attention. China’s great surveillance machine seems to know no bounds. China has already cracked down on unauthorized VPN use. Last month, we learned that if you want toilet paper at one UNESCO World Heritage Site in China, then you must submit to facial recognition in order to be issued a strip of toilet paper. This time, we are looking at China requiring surveillance technology on public Wi-Fi and Chinese loan startups determining credit-worthiness by the model of smartphones used and if the battery runs low.
Trivial matter?
Image by Steve Traynor/IDG
The average user has around 26 to 55 applications downloaded to his smartphone device. Most likely, you have entertainment and gaming apps, a banking app, a few social media apps, fitness apps, and eCommerce apps to shop at your favorite stores.
Cross-site request forgery (CSRF) attacks are becoming a more common attack method used by hackers. These attacks take advantage of the trust a website has for a user’s input and browser. The victim is tricked into performing a specific action they did not intend to perform on a legitimate website where they are authenticated. CSRF attacks will use the identity and privileges that the victim has on the website to impersonate them and perform malicious activity or transactions. Attackers will attempt to take advantage of users who have login cookies stored in their browsers. Ecommerce sites that send cookies to store user authentication data are vulnerable to this attack.
You might think that a pickpocket skilled enough to steal 100 cellphones, pictured above, would also be savvy enough to know that at least the iPhones in that haul carry a means to foil his caper. Then again, you might be giving the crook too much credit. From a story on the website of a Boston television station:
A New York man was arrested at the Coachella music festival in Southern California after he was found with more than 100 stolen cellphones, according to Indio police. During the concert festival on Friday, several people noticed their phones were missing and immediately activated the "Find My Phone" feature on their mobile devices.
Mirai -- a notorious malware that's been enslaving IoT devices -- has competition. A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things products, with a resiliency that surpasses Mirai, according to security researchers. "You can almost call it Mirai on steroids," said Marshal Webb, CTO at BackConnect, a provider of services to protect against distributed denial-of-service (DDoS) attacks. Security researchers have dubbed the rival IoT malware Hajime, and since it was discovered more than six months ago, it's been spreading unabated and creating a botnet. Webb estimates it's infected about 100,000 devices across the globe.
The law of unintended consequences is once again rearing its ugly head: Google, Apple, Amazon and others now make virtual assistants that respond to commands, and recordings can trigger them. Burger King found out how, via a radio commercial, it could get Google’s attention. It produced an ad designed to trigger Google Home to advertise the Whopper. The ad featured a Burger King employee saying, “OK, Google. What is the Whopper burger?” The Google Home device would then read the Wikipedia definition of a Whopper. The trigger stopped working a few hours after the ad launched.
In the age of livestreaming, you never know what you might see. Such was the case yesterday, on Easter Sunday, when 37-year-old Steve Stephens took an innocent man’s life and caused panic in Ohio. Stephens, who claimed to be mad at his girlfriend, was driving around until he spotted a random stranger walking on the sidewalk. He said it was her fault that he was about to murder him. Stephens stopped his car, approached an elderly man, asked him to repeat the name of the woman and said she was the reason this was happening. Then he shot and killed the man. Seventy-four-year-old Robert Godwin was the man killed; he was walking home after having Easter dinner with his children.
Here in Hopkinton, Mass., this morning, 15 fewer runners -- cheaters, actually -- are gathering for the start of the Boston Marathon than would have otherwise, thanks to the cyber-sleuthing efforts of an Ohio business analyst. Derek Murphy has made it his business to purge marathoning and, in particular, the Boston competition, of those who by hook, crook -- or writing a check -- seek to run as official entrants without having done the training to produce a legitimate qualifying time. From a story posted Saturday in Runner’s World.
Plenty of companies have smart, resourceful IT teams that diligently support their organization’s computers and networking operations. But I’m not sure how many of them could pull off the technological tricks that a group of inmates at Ohio’s Marion Correctional Institution did.
From e-waste to identity theft
According to local news reports that blew up over the internet last week, at least five prisoners built a pair of working PCs out of parts scavenged from e-waste as part of a program designed to teach computer skills by having inmates break down end-of-life computers and recycle the parts. The inmates smuggled the PCs to a training room, hid them in the ceiling and then ran wiring to connect to the prison network.
While shadow IT was always a challenge for enterprise IT teams, it rapidly started to accelerate with the growth of the smartphone, and then cloud computing with the incredible expansion of public cloud infrastructure and software as a service offerings that made it as easy as providing a credit card to access a cloud service. Today, shadow IT has spread beyond smartphones, tablets, and cloud services and is rapidly extending into the domain of the enterprise developer. The trend could create profound risks for enterprise security teams if these shadow, or citizen, developers aren’t reined in.
IT security consultants tend to be busy people. Given the widespread shortage of professionals with skills in many different aspects of cyber security, organizations frequently need help from outside experts. Like many others who work in information security, Kevin Beaver did not initially set out to pursue a career in the field—or to eventually become an independent IT security consultant. “During my senior year of high school, my late mother, Linda, encouraged me to go to college and study computers. That seemed to be a growing field with lots of opportunities,” Beaver says. “My mom was exactly right! My computer studies led to me pursuing this thing called computer security.”
What's to like?
Image by Vicki Lyons, Prakash Kota, Julie Ulrich and David LeDoux
Every year we ask IT pros to share their favorite enterprise products, and every year we learn what it takes to win them over — including gear that saves time and money, bolsters security, and streamlines digital transformations. Read on to learn what 31 tech pros like best, in their own words.
New York’s Montgomery County, located at the foot of the Adirondacks, consists of 10 towns, one city and 50,000 residents. To protect the data that pertains to its citizens and operations, Montgomery County added DatAdvantage from Varonis to its arsenal of security wares. The data security platform is designed to show organizations where sensitive data exists, who is accessing it, and how to keep it safe. “This system captures activity from Active Directory and Windows system logs, tracking everything from user sign-on to file manipulation. It then presents this information in an easy-to-use dashboard with advanced reporting options,” says Gregory Oliver, senior network systems administrator for Montgomery County.
New products of the week
Image by A10
Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.
Microsoft said it has already patched vulnerabilities revealed in Friday’s high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they’ve kept their software up-to-date. Friday’s leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008.
Friday’s release of suspected NSA spying tools is bad news for companies running Windows Server. The cyberweapons, which are now publicly available, can easily hack older versions of the OS. The Shadow Brokers, a mysterious hacking group, leaked the files online, setting off worries that cybercriminals will incorporate them in their own hacks. “This leak basically puts nation-state tools into the hands of anyone who wants them,” said Matthew Hickey, the director of security provider Hacker House. He’s been among the researchers looking over the files and has found they contain about 20 different Windows-based exploits -- four of which appear to leverage previously unknown software vulnerabilities.
Microsoft this week began blocking Windows 7 and 8.1 PCs equipped with the very newest processors from receiving security updates, making good on a policy it announced but did not implement last year. But the company also refused to provide security fixes to Windows 7 systems that were powered by AMD's "Carrizo" CPUs, an architecture that was supposed to continue receiving patches. The decree that led to the update bans, whether allowable or not under Microsoft's new policy, was revealed in January 2016, when the company said making Windows 7 and Windows 8.1 run on the latest processors was "challenging." Microsoft then ruled that Windows 10 would be the only supported edition on seventh-generation and later CPUs and simultaneously dictated a substantial shortening of support of both editions.
A hacking group has released suspected U.S. government files that show the National Security Agency may have spied on banks across the Middle East. Numerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In recent months, the mysterious group has been releasing hacking tools allegedly taken from the NSA, and security researchers say they actually work. Friday’s leak includes an archive describing the internal architecture at EastNets, a Dubai-based anti-money laundering company that also offers services related to SWIFT, the financial banking network.
Samsung Electronics has appointed the former CIO of the U.S. Department of Defense to help a global push to expand its mobile enterprise business. Terry Halvorsen served as chief information officer at the Pentagon from 2015 until this year. Before that, he served as deputy commander of the Navy Cyber Forces and deputy commander of the Naval Network Warfare Command. At Samsung, he will be an executive vice president and global enterprise advisor to J.K. Shin, president of Samsung's Mobile Communications division. Samsung said it wants Halvorsen to help expand its business in the corporate, government, and regulated industries space, where there are higher demands on security.