What’s the best way to protect against security incidents? Most security professionals would agree with the old colloquialism that “an ounce of prevention is worth a pound of cure.” The theory here is that if you lock down your IT infrastructure, applications, and sensitive data, you’ll make things much harder for the bad guys from the start.
2. Bugs Money
Talk about geek chic. Facebook has started paying researchers who find and report security bugs by issuing them custom branded “White Hat” debit cards that can be reloaded with funds each time the researchers discover new flaws. I first read about this card on the Polish IT security portal Niebezpiecznik.pl, which recently published an image of a bug bounty card given to Szymon Gruszecki, a Polish security researcher and penetration tester. A sucker for most things credit/debit card related, I wanted to hear more from researchers who’d received the cards.
The Information Commissioner's Office (ICO) has recommended that communications providers submit a list of data breaches every month. In updated guidance for businesses, the ICO said that while this would help tackle the problem, the more significant breaches needed to be disclosed as soon as they have happened. There is already European regulation that stipulates comms providers must detail any breaches, but until now there had not been a specific time frame, in spite of the regulations being updated this year.
The past 12 months were marked by major events in computer and network security. The Stuxnet worm demonstrated that malware could cripple an Iranian uranium enrichment plant, while managers of SCADA systems worldwide began to discover and patch unsuspected vulnerabilities. Security researchers scored success in taking the Coreflood and DNS Changer botnets offline, but the botnet threat remains high. Hackers from the Anonymous collective took major banks offline and threatened critical infrastructure installations. Mobile telephones emerged as tempting targets for intruders. Sophisticated, coordinated malware outbreaks spawned fears of government-sponsored cyber attacks.
The Homeland Security Department released a new cybersecurity strategy document with a two-pronged approach: protecting critical infrastructure today and building a more secure cybersecurity ecosystem for the future. The Blueprint for a Secure Cyber Future was released on Dec. 12 as a framework for responding to evolving cyber threats.
The ThreatGeek Top 5 is a weekly post that identifies relevant industry news and stories. Check in to stay up to date with the latest happenings throughout the industry.