Monthly Archives: October 2013

US companies now have framework of voluntary cybersecurity standards


October 30, 2013

Last week, companies around the US were given a new set of voluntary standards that, if they choose to adopt them, will help them increase cybersecurity without having to formally adhere to red-tape-laden regulations.

The plan was put in place by the National Institute of Standards and Technology (NIST), which said it hopes the framework will encourage companies involved with the country’s critical infrastructure to adopt the standards. These include banks, financial services firms and electric and water utilities.

For years, many of these companies have stated that enforced cybersecurity standards would only get in the way. By making the standards voluntary, NIST says firms will be much more likely to increase their cybersecurity efforts.


Vulnerability management ‘being affected by Nexus of Forces’


October 29, 2013

Vulnerability management will continue to be affected by the Nexus of Forces, Gartner has insisted.

The analyst firm said the Nexus – which comprises social, mobile, cloud and big data – is becoming an increasing strain on traditional security models.

This will result in 60 per cent of enterprise information security budgets being allocated towards the rapid detection and response to threats by 2020, compared with just ten per cent this year.

Gartner also claimed that mobile workforces are creating new demands on existing systems and infrastructure, with businesses needing to be flexible to the evolving digital landscape. 

Tom Scholtz, vice-president and Gartner fellow, said there are going to be many changes to IT security infrastructure over the next ten years.

"Organisations are changing radically – tearing down and redefining traditional boundaries via collaboration, outsourcing and the adoption of cloud-based services – and information security must change with them," he explained.

Mr Scholtz said systems need to become more adaptive by including more context at the moment a security decision must be made, enabling more accurate assessments of whether actions should be allowed or denied.

"The megatrends of consumerisation, mobility, social, and cloud computing are radically transforming the relationship between IT, the business and individual users," he stated.


Study shows Australian companies may be taking vulnerability management more seriously


October 21, 2013

A new report has shed light on the number and severity of cyber attacks in Australia, and the impressive results suggest businesses around the country have been taking the threat of hackers more seriously.

According to the Australian Associated Press, the average cost of each Australian-targeted cyber attack fell in the past year, dropping from more than $300 in 2012 to about $200 now. The data comes from the results of a new study released by a global internet security provider.

The results also showed that fewer people fell victim to cyber attacks last year, with the number dropping to 5 million from about 5.4 million last year. Overall, cyber attacks cost Australians about $1.05 billion this year, compared to $1.65 billion last year.


Understanding the value of penetration testing


October 18, 2013

When a company goes about testing its cybersecurity systems, it has a few options to choose from, but the type that may provide the most insight into how well a business responds to a cyber threat may be a penetration test.

Different from a standard security audit, penetration testing goes the extra mile to determine how exactly a system will respond once a hacker exploits a vulnerability.

A recent article in Forbes outlined the many reasons businesses are opting to undergo penetration testing, and what value these organisations derive from it.


AAPT breaches Privacy Act


October 17, 2013

Australian telecommunications company AAPT is now the subject of a rigorous investigation spearheaded by Information Commissioner Timothy Pilgrim, who announced on October 15 that the company failed to adequately protect its customers’ data from hackers.

What’s more, the Commissioner also discovered that AAPT was holding on to old customer records, breaching the Act by not properly destroying the sensitive information.

The investigation uncovered that back in July 2012, AAPT’s customer data – stored on a hosted server – was compromised by hackers, and the information was posted online.

“While I appreciate the speed and the way in which AAPT responded to the incident, it highlights the importance of having appropriate security systems and contractual arrangements in place to avoid a breach such as this,” Mr Pilgrim said in a statement.


Study: Australians say privacy is a priority


October 16, 2013

Privacy is quickly becoming one of the biggest issues among Australian consumers, who are increasingly asking more of organisations to protect their personal information and other sensitive data.

According to the Australian Information Commissioner’s 2013 Community Attitudes to Privacy survey, about 48 per cent of Australians believe that services that are based on the internet, including online shopping and using social media sites, leave them the most exposed to security risks.


Companies can benefit from PCI DSS templates

Businesses that need to comply with the Payment Card Industry Data Security Standard (PCI DSS) may find it easiest to use pre-made compliance security policy templates, which PCI DSS experts in many countries and industries can use.

Compliance with the standard is paramount in many businesses, but it can be difficult to achieve without documentation that has been researched and penned by experts in the field. The demand for compliance is only expected to grow as local and federal governments continue to require improved cyber security measures.

A good template will feature step by step instructions that are unique to merchants and service providers.


IT conference addresses need for ethical hacking


October 14, 2013

At the recent SecTor security conference held in Toronto, Canada, major players in the IT security industry spoke on several issues.

However, one of the biggest takeaways from the event, according to several experts, was the insight speakers gave on ethical hacking, and how it can increase cybersecurity. According to ITWorldCanada, leaders at the event stated ethical hacking was the best way for large corporations to learn where the potentially devastating holes lie in their software systems.

Such forms of penetration testing are often not taught in schools, though. It’s for this reason that the experts said some of the best people for the job may not be those recruited out of the world’s top technology schools, but rather the computer-savvy ones who have put in hours on their own to discover the limits of existing computer systems.

This, it’s argued, has created a gray area.


Australians ‘increasingly worried about data security’


October 12, 2013

Australians increasingly expect organisations handling their personal information to be safe and secure, new research has revealed.

Latest statistics from the Office of the Australian Information Commissioner's (OAIC) 2013 Community Attitudes to Privacy survey showed the public are becoming more concerned with online services such as social media.

The OAIC found 48 per cent of Australians believe web threats pose the greatest privacy risks, which may encourage more businesses to pursue a security audit to highlight any weaknesses in their current operations.

Australian information commissioner Professor John McMillan said the explosion in sites such as Twitter and Facebook has significantly changed consumer outlook towards online privacy since the last survey in 2007.

Timothy Pilgrim, privacy commissioner, said high standards must be followed to put Australians' minds at rest.

"There is a business imperative for organisations to be transparent about their personal information-handling practices and to ensure that privacy is built into systems and processes right from the beginning," he stated.

"Over 60 per cent of Australians have decided to not deal with an organisation because of privacy concerns, which is an increase from just over 40 per cent in 2007."

The most trusted industries are health providers, financial institutions and the government, with 90, 74 and 69 per cent of people respectively feeling their data is safe in these hands.

Survey respondents said they expect data security protection to be equally strong in both the private and public sectors, while 96 per cent of participants expect to be contacted if their information is lost.

People are also keen to have a greater understanding of how their data is handled on a day-to-day basis, with 95 per cent asking for more communication in this area.

"With a significant number of people saying that they have decided not to deal with an organisation due to privacy concerns, I suggest that business needs to listen to this and consider improving their practices," Mr Pilgrim stated.

Other areas of concern included the international sharing of personal information.

Not only did 90 per cent of people express concerns about this practice, 79 per cent believe it is actually a misuse of their data.

Mr Pilgrim described this as an interesting trend, particularly with the increasing frequency with which information is crossing the border between countries.

However, he said new privacy laws being introduced in March should provide more protection in this area.
