Tag Archives: security

How safe are our holiday gifts?

With the holiday season in full swing and the popularity of tech gifts soaring, we must now be aware of which digital gifts may put our security at risk. Here’s a video on the holiday’s most hackable gifts:

Telecommunications companies are not doing enough to address cyberthreats

As the telecommunications industry continues its shift to a digital business model, organisations are recasting themselves as technology companies that offer a broad array of digital communications, connectivity, and content services.

They are racing to deliver not only high-quality and reliable communications services, but also to provide fresh content across a range of computing platforms to an expanding range of customers. Digitisation also has led to new products and services that are created and delivered in innovative ways, resulting in a raft of new collaborations, joint ventures, and strategic alliances across industries. At the same time, a slew of big deals are in the works, including mergers of telecommunications companies, multi-system operators, satellite television providers, and mobile communications networks. Some telecoms are acquiring businesses outside of their traditional scope to gain intellectual property and broaden their services.

Many of these changes are compounding network traffic and demanding that telecoms deliver enhanced capacity and quality of services – without raising fees to customers. That represents a formidable challenge as new entrants to the telecom market and lower pricing structures intensify competition and, in some cases, erode revenues.

Making matters more difficult: The frequency and scope of cybersecurity and privacy risks continue to mount. While breaches have typically targeted customer data, there is growing concern that ultra-sophisticated adversaries like nation-states, organised crime, and hacktivists will initiate attacks that disrupt services and even cause physical damage. A recent attack on a French television network provides an example that is uncomfortably close to home: In April, politically motivated hackers infiltrated a major television broadcaster, knocking 11 channels off the air and compromising websites and social media accounts.

As telecoms pivot toward a more digital future, they will very likely encounter entirely new types of cybersecurity risks to data, applications, and networks. Yet according to findings from The Global State of Information Security® Survey 2015 (GSISS), many telecommunications companies are not doing enough to address cyberthreats for today – or the future.

Delusions of Safety: Getting to grips with today’s growing cyber-threat

The “Delusions of Safety – The Cyber Savvy CEO: Getting to grips with today’s growing cyber-threats” video addresses a serious cyber security issue, using a fictitious scenario. It illustrates why leadership by a CEO who truly understands the risks and opportunities of the cyber world will be a defining characteristic of those organisations, whether public or private sector, that realize the benefits most effectively.

This video can be used as supporting material for a Crisis Management exercise or Security Awareness program.

Benchmark your security programs against your peers

In 2011, economic uncertainty continued to impact the security programmes of many organisations. The effects of a recovering economy converged with strong confidence in the efficacy of security programmes to create an environment in which security practices are often weakened. As a result, organisations have become vulnerable to increasingly sophisticated threats to information security, with potentially harmful consequences to businesses across industries and across the globe.

I believe we all understand that information security can make or break the success of business goals and competitive advantage. As a result, many of the organisations today are taking a hard look at what’s needed to design, implement and manage an effective information security programme, one that addresses today’s evolving business practices and heightened security threats.

PwC, in conjunction with CIO and CSO magazines, carried out a global survey of more than 9,300 security and business executives from February 1 to April 15, 2012. The survey examined how executives viewed the scope and efficacy of their security policies, strategies and technologies. To gauge how you stack up against your peers, you may use their custom tool to benchmark your organisation’s security profile. Once you have entered your responses, you can create a customized PDF file that explores how your views compare with others, with insights from PwC’s Security Advisory team.

Compare your security profile against The Global State of Information Security Survey 2013 results

52% of executives said their company will increase security spending over the next year

According to the 2011 Global State of Information Security Survey (conducted by PricewaterhouseCoopers in conjunction with CIO and CSO magazines), out of 12,800 executives from 135 countries, 52% said their company will increase security spending over the next year. Yet many executives said their company’s business partners (52%) and suppliers (50%) have been weakened by economic conditions, a substantial increase from 43% and 42%, respectively, in 2009.

Security executives said their companies also have been impacted by spending restraints, often resulting in the stalling or degradation of some fundamental security capabilities such as conducting personnel background checks and the use of vulnerability scanning tools. Additionally, 47% of respondents said their organization had reduced security-related funding for capital expenditures and 46% said their company had reduced security-related operating expenditures.

The top factors driving information security spending this year are economic conditions (reported by 49% of respondents), business continuity and disaster recovery (40%), company reputation (35%), internal policy compliance (34%) and regulatory compliance (33%).

The only spending driver to show substantial increases this year is “client requirement,” the study found. Client requirement moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment. The rise of client requirement demonstrates the continuing strategic importance and integration of the security department to the business.

Not surprisingly, due to the cost-cutting initiatives taken by most global actors, the 2011 Global State of Information Security Survey also found a significant shift in the ongoing evolution of the CISO’s reporting channel, which has moved away from the CIO in favor of the company’s senior business decision-makers such as the CFO and the CEO.

Risks of social networking and a new role for insurance

The 2011 Global State of Information Security Survey revealed that many companies are unprepared to deal with the potential risks of social networking and other Web 2.0 applications: 60% of respondents said their organization has yet to implement security technologies supporting Web 2.0 exchanges such as social networks, blogs or wikis, according to the survey.

Additionally, 77% of respondents said their organization has not established security policies that address the use of social networks or Web 2.0 technologies. This lack of action on social networking and Web 2.0 technologies can expose organizations to a variety of risks, including loss or leakage of information, damage to the company’s reputation, illegal downloading of pirated material, and identity theft.

The survey also found that many companies are using an additional tool (insurance) to protect the organization from theft or misuse of assets such as sensitive data or customer records: 46% of respondents said their organization has an insurance policy. Additionally, 17% of respondents said their company has made a claim and 13% said their company has collected on a claim.

In Europe, the focus on information security is far more muted, the survey found. Europe now trails other regions in maturity across many security capabilities. Like North America, Europe continues to suffer poor visibility into security events and, as a result, may be unaware of the true impact of events on the business. While 68% of European respondents say their organizations place a high level of importance on protecting sensitive customer information, the responses from other global regions are higher, including Asia (80%), North America (80%), and South America (76%).

Industry-specific highlights and further regional information are available here