The police force in England’s second-largest city, the Greater Manchester Police (GMP), has suffered extensive disruption for several days following an infection by the Conficker worm.
Read More »

We saw in 2008 and 2009 how worms came back to prominence, thanks to the wide spread of Conficker and its variants. A timely reminder that the threat is still high was given last week, when Google revealed a highly sophisticated series of cyberattacks originating from China that stole some of its intellectual property and affected about 30 other Silicon Valley companies.

This recent attack shows how malicious software has evolved into an advanced weapon that can specifically target companies – even companies as advanced as Google – with the aim of gaining a financial or competitive advantage.

Attackers will try any method available to seed the malware onto a company network, including infecting USB flash drives and distributing them at events, or “losing” them in car parks for unwitting employees to find. That’s why latest-generation secure flash drives, such as our own Cruzer Enterprise range, can also feature onboard anti-malware scanning to nullify this threat.

It’s been talked about for some time, but now the UK’s information watchdog, the Information Commissioner’s Office, will soon be able to penalize companies that are proven to have acted recklessly or maliciously with personal data.
Read More »

Here’s an article on SC Magazine’s website on the explosive growth in storage capacities of USB flash drives, with a discussion of what steps can and should be taken to secure them. 

As SanDisk CEO Eli Harari pointed out recently, the increase in capacity of drives has exceeded Moore’s Law in recent years, making it increasingly tempting to use flash drives to store and transport large amounts of data. 

The article takes in comment from several vendors, including SanDisk, looking at the issue.  The conclusion is enterprises and IT-literate consumers are already taking advantage of secure flash drives to protect their data – but there will always be a price-conscious market for unsecured drives.

One of the basic rules of IT security is, as soon as an application or platform becomes popular, criminals are going to target it for malicious purposes.  FaceBook is no exception:  it’s recently been hit with a several rogue applications that try to lure users to phishing sites.

The apps themselves look innocuous, but if installed on a user’s account can set off a chain of events designed to lure friends to phishing sites.  If a friend tries to access the app, it phishes for their username and password, which is then stored and forwarded to the gang behind the app. 

So if you’re using FaceBook, be careful about apps forwarded to you by friends:  they may not have intended to send it to you, and it may not be friendly.  And if the app behaves suspiciously, asking you for additional details such as your username or password, then it probably is suspect.

The Chief Technology Officer (CTO) for the State of Michigan, Dan Lohrmann, recently gave this revealing interview. 

In it, he mentioned that the state has cut its overall IT spend by around 20% to $400 million per year.  However, spending on IT security has doubled in the last five years.  Also, when asked specifically about the risks of USB flash drives for data loss and introducing malware, Lohrmann commented:
 
“Certainly, data loss prevention.  It doesn’t necessarily mean it is intentional, but it is the insider threat. People think they are doing the right thing by bringing a Word document home with them - maybe that has some sensitive information on it - and use a home PC; they can certainly bring a virus back into the enterprise. We do have some protection mechanisms in place on devices to look for endpoint viruses and things.”

It’s good to see this strong awareness of the need to protect mobile data is out there at the highest levels.  Hopefully we see data losses and leaks finally starting to diminish this year.

Everyone knows that the “insider threat” – company employees – are a major security risk, right?  Well, according to a recent report by computer forensics specialist Verizon Business, the biggest IT security risk to business is still external parties.

The report found that 74% of breaches resulted from external sources, and just 20% were caused by insiders.  And worryingly, most of the security issues found could be traced directly to bad decisions or poor security practice within IT departments, not end users.
 
As mentioned in our earlier post, ‘Why the blame game doesn’t work’, individuals are frequently blamed for security lapses, and this diverts attention away from the real problem.

With cybercrime exploding and a rising wave of malware already seen this year, companies need to be more vigilant than ever before.  That means taking a long, hard look at all aspects of security, and ensuring that policies are enforced by solutions at all stages.

So perimeter security should be leakproof.  Data should be encrypted, wherever it is.  Staff should be issued with secure USB flash drives, that feature mandatory encryption.  Only by delivering security at all levels, can companies really start to take control, instead of wasting time looking for people to blame for breaches.