Tag Archives: risk

My latest Gartner research: Market Opportunity Map: Security and Risk Management Software, Worldwide

20 April 2017  |  The security software market is transforming through four vectors: analytics, adoption of SaaS and managed services, expanded ecosystems, and regulations. Technology business unit leaders must realign their product and go-to-market strategies to address these key forces….

Gartner clients can access this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] IoT risks raise concerns among IT specialists in central and eastern Europe

www.computerweekly.com/news/4500272253/IoT-risks-raise-concerns-among-IT-specialists-in-CEE By Krzysztof Polak ComputerWeekly.com 04 Feb 2016 The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices. The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices. But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said. IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] New centre to help Singapore boost cyber security

www.straitstimes.com/singapore/new-centre-to-help-spore-boost-cyber-security By Lim Yan Liang The Straits Times Feb 4, 2016 Singapore will face more cyber attacks as technology is increasingly used in everyday life, from smart traffic lights and driverless trains to the ubiquitous smartphones. The greater risk, which is inevitable as Singapore pushes to be a Smart Nation, was flagged yesterday by the managing director of the Infocomm Development Authority (IDA), Ms Jacqueline Poh, noting the rise in the United States of such security incidents involving its critical infrastructures. To address the danger, Singapore plans to give existing measures a further boost. One is the introduction of a Cyber Security Bill in Parliament later this year to give the 11-month-old Cyber Security Agency greater powers to secure Singapore’s critical information infrastructure. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Broad use of cloud services leaves enterprise data vulnerable to theft, report says

www.networkworld.com/article/3025944/security/broad-use-of-cloud-services-leave-enterprise-data-vulnerable-to-theft-report-says.html By Patrick Nelson Network World Jan 25, 2016 Data theft is a very real and growing threat for companies that increasingly use cloud services, says a security firm. Workers who widely share documents stored in the cloud with clients, independent contractors, or even others within the company are creating a Swiss-cheese of security holes, a study by Blue Coat Systems has found. In some cases, cloud documents were publicly discoverable through Google searches, the researchers say of their analysis. ‘Broadly shared’ The study found that 26% of documents stored in cloud apps are shared so widely that they pose a security risk. Compounding the issue is that many organizations aren’t even aware of it. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] What are Top HIPAA Compliance Concerns, Obstacles?

healthitsecurity.com/news/what-are-top-hipaa-compliance-concerns-obstacles By Elizabeth Snell Health IT Security January 25, 2016 Maintaining HIPAA compliance should always be a key area for leaders in the healthcare industry, but as technology continues to evolve, there are numerous factors coming into play that could affect how organizations keep patient data secure. But what type of obstacles are standing in provider’s’ way? Are there certain difficulties when it comes to HIPAA compliance? We’ve previously discussed the legal perspective on HIPAA regulations, and various experts in the field have claimed that “it’s not a matter of if, but a matter of when” a data breach will take place. Recent OCR HIPAA settlements not only show that size is not a factor when it comes to enforcement, but that organizations need to be mindful of everything from physical safeguards to conducting regular risk assessments. Technical advancements have also proven to be potentially beneficial to covered entities. Whether an organization is looking to implement secure messaging options or potentially invest in cloud storage, privacy and security issues cannot be overlooked. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] How much at risk is the U.S.’s critical infrastructure? (fwd)

www.csoonline.com/article/3024873/security/how-much-at-risk-is-the-uss-critical-infrastructure.html By Taylor Armerding CSO Jan 21, 2016 There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space. But over the past decade there has been much less agreement over how much of a threat hackers are. On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.” Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.” Other experts argue just as forcefully that while the threats are real and should be taken seriously, the risks are not even close to catastrophic. They say those who predict catastrophe are peddling FUD – fear, uncertainty and doubt. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] 6 critical updates for January Patch Tuesday

www.computerworld.com/article/3022060/security/6-critical-updates-for-january-patch-tuesday.html By Greg Lambert Computerworld Jan 13, 2016 Microsoft has started the year with a truly unusual Patch Tuesday. There are nine updates for January, with six rated as critical and the remaining three rated as important (the reverse of the usual distribution in terms of severity). January has a couple of additional surprises. First, it looks like MS16-009 did not make this Patch Tuesday release at all and may only surface later this month. Secondly, we see what has been rated as an important update with MS16-008 may contain the most severe vulnerability and the most risky patch contents. Thanks to Shavlik this month for their very helpful summary infographic detailing this January Patch Tuesday. MS16-001 — Critical The first update rated as critical for the year 2016 is MS16-001, an update for Microsoft Internet Explorer that attempts to resolve two reported vulnerabilities, that at worst could lead to a remote code execution scenario. This update affects all supported versions of Windows and will require a system restart due to the complete re-release of all IE related executables and supporting libraries. Microsoft has offered some advice on how to mitigate the risk of this particular vulnerability. However, this advice requires changing the ownership (and subsequent security settings) of one of IE’s core system libraries (VBScript.dll) which in practice is usually difficult to do and almost impossible to manage in an enterprise scenario. This is a “Patch Now” Microsoft update. MS16-002 — Critical The next critical update for this January Patch Tuesday is MS16-002 which attempts to resolve two reported vulnerabilities in Microsoft’s latest browser


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] 8 out of 10 mobile health apps open to HIPAA violations, hacking, data theft

www.healthcareitnews.com/news/8-out-10-mobile-health-apps-open-hipaa-violations-hacking-data-theft By Bill Siwicki Healthcare IT News January 13, 2016 A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project top 10 risks. Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues. The new research from Arxan, which this year placed special emphasis on mobile health apps, was based on analysis of 126 popular health and finance apps from the United States. United Kingdom, Germany and Japan. There is a disparity between consumer confidence and the attention given to security by app developers, the study found. While the majority of app users and app executives said they believe their apps are secure, nearly all apps Arxan assessed proved to be vulnerable […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail