Tuesday, July 17, 2007

Oracle to release 46 security fixes - IT Security News - SC Magazine US

Computer security breach puts some records at risk

Unauthorized file-sharing software leads to Pfizer employees’ data exposure

Company Says Worker Stole, Sold Data - washingtonpost.com

Statement about stolen computer back-up tapes

Hackers steal data from PCs

HACKER ATTACK $HOCK

Sensitive data loss soars

University-owned laptop with student data stolen - Minnesota Daily

Confidential data revealed on Encinitas' Web site - North County Times - Coastal -

MSD worker fired in security breach

Monday, July 16, 2007

Cybersecurity realities hit financial firms - Austin Business Journal:

Cybersecurity realities hit financial firms
Austin Business Journal - July 13, 2007
by Ed Amoroso
Contributing Writer

Like it or not, we are reliant on computer and network systems for our business and personal financial needs. We enjoy greater access to near real-time financial data than ever before.
That's one reason I cringe when someone from the banking and finance industry claims to have never been hacked. I've seen plenty of overly confident information technology types wish they had taken a closer look. One reason attacks are fairly widespread is that when PCs are connected to networks, they are immediately exposed to all sorts of security threats. Moreover, the most common security initiatives, such as firewalls, can be penetrated or bypassed quite easily in many environments.

Disclosed secrets
The payment card industry has been especially challenged by disclosure of personal information. Unfortunately, very little progress has been made in prevention of disclosure threats on computers. While encryption works well for information in transit, it can be compromised when information is stored.

Theft
Stopping online fraud can be especially challenging because the identity and location of end points can be tough to accurately determine. The most common method of identity theft involves phishing scams in which individuals are convinced to supply personal information by an official-looking email. One promising technique to prevent phishing provides stronger forms of authentication through the use of tokens that randomly generate a different numeric password every minute.

Destroying and deleting assets
In a nationwide survey of 1,000 U.S.-based IT executives conducted by AT&T, 74 percent rated viruses and worms among the top three threats. Even so, most organizations rarely back up anything but the most critical information, which leaves the vast majority of their information at risk. To protect against PCs being corrupted, files being infected or system attributes being changed, it is essential to establish standards that ensure periodic backups. Using systems that enable audit trails and control access to individual devices and the network is also strongly recommended.

Denial of service
Denial of service in cybersecurity involves a malicious intruder intentionally blocking a computer or network service from its authorized users. To be frank, this is a capacity issue. If a system can only handle so much capacity, then attackers can simply initiate malicious activity that will exceed that capacity. In the financial services industry, the good news is that considerable emphasis has been directed toward reducing security risks. Massive investments have been made to reduce fraud and protect networks from hackers, criminals and cyber terrorists. Ultimately, there is no substitute for software developed with security in mind, improved system administration and reduced system complexity.

Ed Amoroso is senior vice president and chief security officer for AT&T and the author of "Cyber Security."
All contents of this article © American City Business Journals Inc. All rights reserved.