Tag Archives: Security Audits

Google data shows value of penetration testing and regular security audits

June 26, 2012

Alongside penetration testing and regular security audits, safe online browsing practices can be one of the best ways to ensure your business remains protected from external threats.

A new blog post published June 19, from Google principal software engineer Niels Provos, has confirmed just how many malicious websites are out there and posing a danger to internet users.

“We protect 600 million users through built-in protection for Chrome, Firefox, and Safari, where we show several million warnings every day to Internet users,” writes Provos.

“We find about 9,500 new malicious websites every day. These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing.”

The new information has been released to commemorate the five-year anniversary of Google’s Safe Browsing effort, which is an initiative aimed at ensuring users remain safe while using the internet.

Malicious websites are often used to spread information-stealing malware, which can allow cybercriminals to externally access private information, disrupt computer operations or track user activity online.

Google suggests that users who want to protect themselves from online threats pay attention to any official warning messages that pop up.

Furthermore, by selecting the check box that appears on the red warning page, people can assist Google by submitting information on potentially dangerous or unscrupulous websites.

Businesses concerned about the danger of online malware and viruses spreading onto company servers will want to ensure they are running up-to-date anti-virus software and regularly reviewing vulnerability management reports.

“The threat landscape changes rapidly. Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved,” writes Provos.

However, Google has moved to reassure people that it will continue to invest in safe browsing and maintaining internet security in order to deal with evolving cybercrime technology.

Well-informed staff members assist vulnerability management

June 06, 2012

Forward-thinking employers take the security of information assets as seriously as they do the protection of their commercial property and their staff members.

This is because – like other more tangible resources – the data collected and stored by a firm offers a range of value-adding opportunities that are unique to the business concerned.

Understandably, this makes the collection and analysis of information from a range of sources a sound investment in future development – allowing managers to gain insight into market patterns and buyer behaviour that might otherwise slip by unnoticed.

Anonymous trend data in itself can seem fairly innocuous – after all, there are no names attached and the details used will be of little use to anyone outside the industry.

However, the proprietary nature of this information – or rather the planning resources it can provide – means that it can be a target for malicious parties looking to disrupt the organization’s developmental capacities.

When these resources are combined with client details, account numbers or contact channels, the threat posed by the loss or misappropriation of these data stores grows even more.

This is because such attention not only hurts the planning activities normally undertaken by managers but also has the power to damage the company’s hard-won reputation.

Moreover, should the details be made freely available, there is a very real chance that valued customers and clients could become the unwilling targets of endless spam campaigns and social engineering attempts.

This is why it is a good idea for managers to ensure that staff members are well informed of the role they play in actively enforcing vulnerability management.

Professional security audits can go a long way towards ensuring that employees are aware of how their behaviour and routines can be tightened to ensure that breaches are less likely to occur.

In addition, these professional teams are able to offer sound advice on measures that can be used to restrict unauthorised access should a gap in the defences become known – reducing the potential for damage to brand image.

When combined with other strategic moves – such as training sessions and proactive feedback initiatives – businesses are able to keep staff members informed of the role they play in managing data security while also allowing workers to contribute to the safety of proprietary information.

This engagement is perhaps the greatest measure of employee commitment – as they feel like a valuable part of a team that is working together, rather than viewing due diligence as a chore to be avoided.

The two-pronged approach to effective digital security

May 13, 2012

When the issue of system audits is raised, it is common for people inside a business to consider one of two key topics – online precautions or internal business protocols. However, the truth is that these two areas have a much closer relationship than may be immediately apparent.

While internal policies help managers to control how sensitive information is stored, transmitted and processed, these rules and regulations do not directly protect the firm from dedicated external threats. Conversely, the deployment of a firewall, antivirus software and spam filters can provide a good level of protection from probing attacks, but does little to reduce the impact of a breach should it occur.

This is why specialist security audit firms suggest that a two-pronged approach be taken when the decision is made to review an enterprise’s defences – as a comprehensive review will deliver more of an insight into potential problems than a piecemeal plan. A sound report will allow managers and IT specialists to begin collating a defensive strategy that covers all the bases – not just external threats or internal processes.