Quote of the month:
People who say it cannot be done should not interrupt those who are doing it ~ George Bernard Shaw
“2014 – The Year of the Security Breach”
by Jack Wilson, Vice President and General Manager of North America Secunia
Organizations that want to stay out of the news must operate amid a constant stream of new security-related threat information. Understanding and managing vulnerabilities has become a continuous activity for all of us, requiring significant time, attention and resources.
It has been quite a while since we have seen such newsworthy attacks on computer systems. The 2014 headlines were dominated by security breaches at some of the biggest corporations around the world.
Here are some of the biggest headlines and most affected companies:
• Home Depot
• Neiman Marcus
• P.F. Chang’s
• JP Morgan Chase
These cyber-criminal attacks did not just affect the corporations; they also affected many of us as their customers. At a recent round table discussion about this topic, I asked my colleagues to raise their hand if they had had their bank debit or credit card revoked and a new one provided due to security breaches. Every single person at that table raised their hand.
A common misconception about security breaches is that attackers only target the largest organizations. This theory is extremely flawed. Every organization is a target for a security breach. So, if this is the case, why do we only hear about the large organizations being attacked? Laws and regulations force the hand of breached companies to inform their customers of the incident. Examples of these organizations are government entities, publicly traded companies and health care (HIPAA). But what about the smaller, privately held companies? Many of these companies do not want to make a breach public because it would tarnish the image of their security, and by law they aren’t required to. Plus, the media can’t cover every small and medium-sized company being hacked. Let’s be honest, hearing about Joe’s Main Street Deli getting hacked isn’t exactly an exciting read.
All organizations (big and small) need to focus on their security policies and practices. Just because you’re not a Fortune 500 company does not mean you are safe from targeted attacks. Put it this way: if you have anything of value to a potential attacker (e.g. credit card information, employee information, bank account details, etc.), you might be a target at some point.
Our advice is to remember the basics. One of the fundamental IT security practices that you need to have is vulnerability and patch management. This year it will be critical to keep up to date on the latest vulnerabilities and patches to safeguard your systems. Third-party (non-Microsoft) products such as Adobe Flash and Oracle Java continue to be at the top of the list for vulnerabilities and are exploited in targeted attacks. It is nearly impossible to make your network 100% safe (zero-day vulnerabilities are ones that cyber criminals already know about but for which no vendor patch has been provided), but doing our due diligence on security can make it more difficult for these attackers. The basics protect you more than you think.
Jack Wilson is Vice President and General Manager of North America Secunia and drives the US sales strategy, execution and North American expansion. His 25 years of experience in the technology industry feature sales leadership roles at prominent organizations including Xerox, EMC, ATG and Oracle. He has also led teams at early- and mid-stage companies to produce positive revenue growth.
Secunia just released their 2015 Vulnerability Review, which shares key figures and facts on vulnerabilities from a global information security perspective. You can also download their free Personal Software Inspector (PSI), which identifies vulnerabilities in non-Microsoft programs on your private PC and automatically installs the security updates needed to keep you safe from cyber-attacks. secunia.com