Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids. However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall for to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fund raiser. In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…
With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us. So, how are these breaches continuing despite all of the efforts to secure customer data? In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.
Anatomy of a Data Breach:
It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today. It should come as no surprise in a world of big data, that it is harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult.
Reduce the risk of compromised company data by securing users’ smartphones
Once upon a time, a mobile phone was just a phone—you made and received calls on it, and that’s all. It posed zero risk to the security of your network or your business. Now, a mobile phone is so much more than just a phone. It’s a personal assistant, a portable game player, a digital camera, and most importantly, a full-fledged computer—and these smartphones definitely pose a security risk. Just like a laptop, smartphones, tablets, and other mobile devices can connect to your network, which means they could compromise your company’s data or leave your network vulnerable to attack from a hacker. You wouldn’t leave employees’ laptops unsecured, so why would you take chances with their mobile devices?
For the most part, the same security measures you ascribe to the computers on your network in the office should also be applied to mobile devices that have access to your LAN. Just like desktop PCs and laptops, all mobile devices need software protection to guard against malware and other attacks. Smartphones and tablets should have a firewall as well as antispam and antivirus software installed, such as the Cisco AnyConnect Secure Mobility Solution and Norton Smartphone Security offering.
Organizations are faced with providing security for employees that are rapidly adopting new technology in their personal and professional lives and expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the work place employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.
Reports of the recently discovered Duqu trojan have spawned much speculation and even resulted in the trojan being dubbed “the son of Stuxnet” or “Stuxnet 2.0.”
So what is Duqu and how does it compare to Stuxnet?
Duqu is an infostealer trojan designed to sniff out sensitive data and send it to remote attackers. Conversely, Stuxnet was a worm with a malicious payload designed to programmatically alter industrial control systems.