From the CIO’s perspective, IT and Network Security ultimately exist for one reason: to ensure the organization’s business applications securely drive the business. For IT this is fairly simple. Business applications are its business. IT is driven by the business’s needs and is responsible for enabling agility through IT. IT is involved in, and has visibility into, every aspect of the application’s lifecycle – from development through to delivery, performance monitoring and auditing. But when it comes to Security the story is a little different. Security exists to protect business applications, their connectivity flows and data. But, unlike the IT team, the security team is, in fact, working blind.
Globalization is the new normal for most organizations today, but it can present some significant challenges – not least when it comes to managing the firewall estate across these large-scale, distributed networks.
Hear how an application-centric approach to security policy management – from automatically discovering application connectivity requirements, through ongoing change management and proactive risk analysis, to secure decommissioning – will help improve your security maturity and business agility.
SWIFT, the international cooperative that facilitates wire transfers, has hit the headlines recently, after falling victim to a series of attacks by cybercriminals. The first to come to light was the massive Bangladesh Bank $81 million heist. While details of this attack are still emerging, three factors are clear.
Globally, millions of systems connected to the internet are exposing insecure services to anybody who cares to look for them, according to Project Sonar, a massive port-scanning operation by Rapid7. Let’s be clear: these are cybersecurity 101 mistakes. But it’s important to point out that the majority of these open doors are probably not on enterprise machines within large corporations, but rather they are probably home computers in small ‘mom-and-pop’ businesses, running basic Windows applications. Yet individual, poorly protected computers can actually have a significant impact on larger organizations’ cybersecurity posture.
All things considered, all we really have is our time. As IT and information security professionals, time is our most precious and scarcest resource. So, why is it that so much time is squandered in our profession?
Earlier this week, millions of customers of Swedish firm Telia reported connectivity issues with mobile apps such as WhatsApp and websites. The problem was so severe that the initial diagnosis was that a transatlantic cable had been severed or damaged. However, after much frantic investigation, it transpired that the outage was actually caused by a Telia engineer misconfiguring a router, resulting in all web traffic bound for Europe being sent to Hong Kong and causing a massive internet outage.
The average end user – and the average organization – probably uses far more devices and applications that deploy web technology than they realize. For an end user, this might mean that they’re not following the good online security practices that they think they are. For a business, this might mean that they’re not complying with PCI DSS – even if they think they are.
Hospitals are increasingly becoming a favored target of cyber criminals. Yet if you think about medical equipment that is vulnerable to being hacked at a hospital, you might not immediately think of high-end, critical equipment such as MRI and X-ray scanners, and nuclear medicine devices. After all, these devices go through rigorous approval processes by…
Threat path intelligence is analyzing and assessing threat information in relation to your business, and preparing a suitable response or taking proactive protective measures. Given that these days it’s no longer a matter of if, but a matter of when you will be attacked, monitoring and tracking threat intelligence can be vital to saving your business.
What can organizations do to fight the disconnect between supply and demand and ensure that they have the right cybersecurity skills in place – skills that can adequately protect them in an increasingly challenging world? The cybersecurity sector has, generally speaking, been too introspective in recent years, expecting talent to simply land in its lap. But with the growing number of threats facing organizations every single day, and talented young IT enthusiasts choosing alternative career paths, it’s a problem that can’t be ignored any longer, especially as my colleague, Nimmy Reichenberg, likes to say, “creating a security professional with 10 years of experience takes … well, 10 years”.
Burger King may have updated its slogan from ‘Have It Your Way’ to a more lifestyle-friendly ‘Be Your Way’, but the underlying message still stands. Order a burger, and they will deliver it exactly as you want it – while still following a standard, automated, quality and highly efficient process.