In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater. However, in order to be as secure as possible, we need to use good cyber hygiene - that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices.
So, spending $75K could have completely avoided the $1M expense - not a bad ROI, especially since I'm not including any soft costs like hiring new CIOs and CISOs, dealing with regents and other board of director-like functions, etc. Even if I worst-case it, the prevention costs do not exceed the hard avoidance costs. Vulnerability assessments and log monitoring are sort of security 101 - even a university is completely deficient if they aren't already doing those things. But I'll assume that it was being done so badly that signing up for a vulnerability scanning service and buying a mid-range SIEM product is required. I'll throw $30K/year and .1 FTE at the former, and $100K acquisition, $30K second year costs and .25 FTE at that.
Public WiFi is one of the locations where your computer, tablet and smartphone are most vulnerable to attack.
Last week, the director of Utah's Department of Technology Services (DTS) resigned in the wake of a massive data breach that exposed the personal information of nearly 800,000 people to hackers believed to have been in Eastern Europe. The breach did not happen due to sophisticated malware, however. Instead, a series of configuration mistakes during an upgrade left the serverwide open to attackers, who downloaded data from the server March 30.
Porter, a member of Verizon's RISK Team, which worked to pull breach stats and figures for the 2012 Data Breach Investigations Report, says regardless of the investigated organization's size, industry or geographic location, the root causes for breaches more often than not could be traced to simple things, such as credential compromises or Web application attacks. "Most of the time, it's pretty simple," Porter says. "They need to change passwords and implement some sort of firewall to protect remote access from the Internet."
The low volume of serious malware for the iOS platform makes iOS users complacent about the kinds of security risks they are facing. But the truth is that iPhone users still face a variety of security threats. Webmail accounts can be hacked when users click on malicious links or have their identity stolen because they entered data on phishing sites from the mobile Web browser.
Going online has become universal. We expect Internet access wherever we are for whatever we need. However, when you are on the road or on vacation, accessing the Internet can be challenging. Connections may be not only slower but also at greater risk, especially when connecting to public networks or using a public computer. The key to using the Internet securely while traveling is to understand these additional risks, use caution, and be prepared.
In the third and final part of my series on OS X security, I will cover system security. If you missed out previous articles, check out part one on hardware security and part two which covers user security.
On the Full Disclosure mailing list, an unknown contributor has disclosed a previously unknown security problem involving files shared via SMB under Windows. A buffer overflow in the heap can be exploited to inject arbitrary code into a system and execute it. The contributor also provided suitable code to demonstrate the problem.
This month we look at the buzz and some measurable security merits of the Big Four browsers: Internet Explorer, Firefox, Chrome, and Safari. Browser Wars are a competition for market share. (1) The fighting is about speed, add-ons, graphics, and the user interface. Every now and then a pronouncement about security gets tacked on to the discussion, as an afterthought: "It's better, and safer, too." Despite its second billing, your browser is the most likely pathway
through which malware will attempt to enter your computer. It's important to use the latest version, keep it patched, and be judicious about the websites you visit.