Tuesday, May 4, 2010

Guest Post - Nick Volpe

Nick Volpe is a student at Immaculata University. He is also a cybersecurity research analyst intern for Fortalice®, LLC.

Here is his guest post regarding some key headlines: 1. VISA 2. TOP 10 THREATS FOR 2010 3. GOOGLE

Credit Giant Visa Acquires Payment Security Firm

Credit card giant Visa has announced plans to acquire a provider of electronic payment, risk management, and payment security solutions for online services. The company, CyberSource, processes just about 25% of all online transactions in the US, including for Facebook, Home Depot, and Google, among others. Once combined, Visa will be better positioned to help companies minimize dollars lost to fraud. Joseph W. Saunders, Chairman and CEO of Visa, said of the news, "Online commerce continues to grow rapidly and this acquisition will enable Visa to offer new and enhanced services that will better meet the growing demand among merchants globally for robust, secure online payment processing capabilities which in turn will grow the entire eCommerce category." The transaction still has to be approved by stockholders and regulators but looks promising.

Source: “Visa Inc. to Acquire CyberSource to Accelerate eCommerce Growth”  http://corporate.visa.com/media-center/press-releases/press1010.jsp

Inside Tech’s Top Info Security Threats of 2010

Malware is a very serious and escalating threat that tops Inside Tech’s list. Many software vulnerabilities exist today and will continue to exist, but human error is another major factor in malware infections. IBM reported that during the first half of 2009, malicious links on sites increased 508%.

Also, that same year, the FBI reported that cybercrime cost more than $1 billion in profits, surpassing drug trafficking as the most lucrative illegal business.

Malicious Insiders usually come in the form of disgruntled employees. Fannie Mae and United Way are two cited cases where former employees disrupted the company's operations soon after leaving.

Exploited Vulnerabilities are a major issue separate from malware because many consumers and organizations are not patching their systems properly. Microsoft’s Security Intelligence Report notes Conficker as the top threat to enterprises during the first half of 2009.

Careless Employees can be a major threat to an organization. Sometimes, people do not realize they can fall victim to social engineering and other malicious attacks intended to steal information, whether important or insignificant. According to research done by RSA, 52% of respondents admitted to accidental data loss while 19% admitted to deliberate data loss.

Mobile Devices are easy ways for people to obtain information from the corporate network remotely. Some malicious software targets these types of devices because they are not usually protected from such software and can be a means of access to these pools of valuable data. A USB drive infected with Conficker shut down a town council for a few days, costing them just short of a million dollars.

According to the CTO of SMobile Systems, over 400 mobile viruses and malware are known.

Social Networking compromises personal data because malicious software can be designed to specifically target these users. More and more employees are also accessing these sites from company systems, which increases the threat against the organization.

Social Engineering takes place on just about every medium. As security software and hardware get more and more sophisticated, hackers increasingly depend on social engineering.

Zero-Day Exploits happen when hackers exploit a vulnerability before a patch or fix exists. This is especially bad for companies that depend on software vendors to develop the fix, which puts the company at risk in the meantime. These exploits are an ongoing and steady risk. Microsoft alone has 3 exploits in IE 6, 7, and Windows 7.

Cloud Computing Security Threats are a problem in that web-based services aren’t necessarily secured in the way we would normally expect. Many use encryption for security and some use no security, which puts a lot of information at risk. Many exploits are also designed to attack web services, like a recent Yahoo Mail incident that exposed accounts to hackers.

Cyber Espionage is occurring more and more. This mostly happens in government organizations but is still a major threat to us all. The U.S. Department of Defense has seen about a 60% increase over 2008 in targeted cyber attacks.

Sources: “The Top 10 Information Security Threats of 2010”

http://insidetech.monster.com/careers/articles/8056-the-top-10-information-security-threats-of-2010 page=11&utm_content=artmini&utm_source=nlet

“Incompetence a bigger IT security threat than malign insiders” http://www.theregister.co.uk/2009/08/25/rsa_accidental_security_breach_survey

CNET Reports Google Systems Attacked by China, Passwords Stolen

Google’s Gaia system, which allows users to sign in to their services, was compromised in December when a Google employee in China clicked on a link in an IM, which gave access to the company’s headquarters in California. As a result, Google revealed some information to the public about the attack, including that it would cease to censor Chinese search results and that some of its intellectual property was stolen by the country, along with that of other organizations. Gaia is still in use at this time, and Google now gives Chinese visitors to its site unrestricted access to search results.

Source: “Report: Google password system attacked” http://news.cnet.com/8301-1009_3-20002890-83.html?part=rss&subj=news&tag=2547-1_3-0-20
