Web 2.0 technologies, such as Facebook, MySpace and Twitter, are a major security concern for businesses, according to research by Deloitte.

A survey of 200 technology, media and telecommunications firms shows 83% view the exploitation of vulnerabilities in Web 2.0 as a significant threat .

“In some cases, employees unintentionally release sensitive information without realising the consequences,” said James Alexander, partner in Deloitte’s Security and Privacy Team.

Continue reading …

Advertisements

Network security threats abound, and news of data breaches are constantly made public. Are information security professionals doing something wrong? Where are enterprises most vulnerable? And what can network pros do to keep a company more secure? in order to solve security issues, we need to think of information security as risk management, says Interop IT security track chair John Pironti, who is president of IP Architects, LLC. Here’s why:

Read full story

Most survey respondents still haven’t achieved quantifiable benefits, study says

Can you tell if your security information and event management (SIEM) or log management tools are really saving your company money or making it more secure? If you can’t, you’re not alone.

According to a study published today by Aberdeen Grouponly about 20 percent of SIEM users can point to definite gains from using the tools, as measured by reductions in security incidents, audit deficiencies, or operational costs.

“The majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents. and operational costs associated with security management,” said Aberdeen in a press release.

Read full story

Many enterprises are lacking key tools for protecting Web 2.0 data, study says

Enterprises are allowing increasingly wider use of Web 2.0 technologies in the workplace for both business and personal use, but many are not ready to secure those applications, according to a study released Wednesday.

According to “Web 2.0 At Work,” a study conducted by research firm Dynamic Markets and commissioned by Web security vendor Websense, some 95 percent of companies currently let their employees access some Web 2.0 applications — including Webmail, mashups, and wikis — and 62 percent of IT managers believe that Web 2.0 is necessary to their businesses. IT executives are feeling pressure from all levels of the organization to expand support for Web 2.0 technologies across the enterprise, the study says.

Read full story

At CSI/SX, Verizon Business’ Peter Tippett talks trends and lessons learned in data breaches

Given the nature of data breaches today, organizations are better off saving money and doing “lightweight” security testing across more of their infrastructure than conducting deep assessments across a few systems, Peter Tippett, vice president of innovation and technology for Verizon Business, told attendees at the Computer Security Institute (CSI) Security Exchange conference here this week.

Read full story

This week’s installment of what’s-old-is-new-again in the world of malware comes from one of the many groups making and distributing phishing Trojans in China. Earlier this year, someone discovered a hacktool called ZXArps, and began distributing it in earnest as a payload from another malicious downloader.

Unlike most malware we see these days, ZXArps (which dates back to 2006, and was discovered by the English-speaking security community the following year) isn’t designed to perform a single task. It’s more like a Swiss Army knife, giving its users a great deal of control over not only the computer on which it’s running, but the immediate network environment in which that computer sits.

Continue reading the article …

Newly released client data from White Hat Security finds organizations are slow to close known security holes in their Websites

Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security.

The Website vulnerability statistics, based on Website vulnerability data gathered from WhiteHat’s own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability issue, and there’s an average of seven unfixed vulnerabilities in a Website today.

Continue reading the article …