Ian Whiting is the CEO of Titania, a developer of security auditing and testing software. In this interview he discusses managing information-related risks in the enterprise, Titania Labs free tools, current information security threats, and more.

What do you see as today's biggest information security threats?
Today’s biggest information security threats have not changed from yesterday or even last year. There are still attacks from organized groups, insider threats, intellectual property theft and the threat of a lone hacker. However I believe the largest problem is one of our own making, rather than that provided by the attacker. Companies are increasingly choosing to defend against security threats using the minimum security standards level dictated by one of the many compliance standards.
Compliance standards are important and do raise the base security level for those organizations that would otherwise not have a security policy in place. Non-compliance can also carry a significant financial or operational penalty within some industries, which means that organizations are highly motivated to achieve compliance. Additionally, they provide a mechanism for calculating a score, so that business leaders can see progress being made without having to see any of the detail. However, compliance does not equal security; it only means you have met the specified standard.
To adequately fight the cyber war, security teams need to be versatile and adapt to new technologies and defend against the ever-evolving arsenal that cyber criminals are able to deploy. To be compliant with a static set of security policy settings may be good enough for the risk managers, but it is simply not good enough to be secure.
This is not to say that compliance is a negative thing; it does mean that everyone is at least at a minimum security level. However I have often seen struggles within organizations to justify the expense of going further than those minimum levels, and as a result the biggest information security threat could be one that we have made for ourselves.