Network Security News

IT Must Change Security Strategies to Keep Up With Cybercriminals

Apr 02, 2012 | ITNews.com

With an eye to the threat horizon several years out, organizations can no longer afford to leave responsibility for managing security risks at the door of the information security department. Instead, organizations must adopt a much more strategic and business-based approach to risk management, says Steve Durbin, global vice president of the Information Security Forum (ISF).

"While we're now emerging from the economic downturn, certainly here in the U.S. at least, there has been reduced investment across the enterprise and in information security in particular," Durbin says. "Enterprises are now playing catch up. Cybercrime, the malspace, those guys didn't suffer from the downturn."

"While individual threats will continue to pose a risk, there is even more danger when they combine, such as when organized criminals adopt techniques developed by online activists," he adds. "Traditional risk management is insufficiently agile to deal with the potential impacts from activity in cyberspace. While executives recognize the benefits and opportunities cyberspace offers, their organizations must extend risk management to become more resilient, based on a foundation of preparedness."

The ISF is a nonprofit association that researches and analyzes security and risk management issues on behalf of its members, many of whom are counted among the Fortune Global 500 and Fortune Global 1000. The ISF recently released Threat Horizon 2014, the latest in an annual series of Threat Horizon reports that forecasts the changing nature of the information security landscape. The ISF has predicted that both the range and complexity of information security threats will increase significantly over the next two years, and organizations must prepare now.

Durbin notes that security is no longer just a matter of protecting data and IP. Data breaches can have a material impact on brand and reputation--and ultimately stock price--Durbin says, making security a top-level matter for the business as a whole.

The report identifies three primary drivers of risk that organizations should focus upon over the next two years.

External Security Threats

External threats will remain a top consideration and Durbin predicts the threat will evolve as a result of the increasing sophistication of cybercrime, state-sponsored espionage, activism's shift online and attacks on systems that affect the physical world, including industrial control systems. The ISF predicts the following:

Cyber criminality will increase as the malspace matures. Organizations that commit cybercrime, espionage and other malevolent activity online have already achieved global scale and incredible sophistication and will continue to grow and develop in the coming years.

The cyber arms race will lead to a cyber cold war. Nations are already in the process of developing more sophisticated ways to attack via cyberspace and will improve their capabilities in the coming years. Nations that haven't already developed this capability will get programs under way. And businesses in the private sector shouldn't assume they'll be immune. The ISF predicts businesses will suffer collateral damage, especially as targets for espionage will include anyone whose intellectual property can turn a profit or confer an advantage.

More causes will come online and activists will become more active in cyberspace. The ISF predicts anyone who is not already using the Internet to advance their cause will start doing so over the next two years, including customer affinity groups, community associations, terrorists, dictators, political parties, urban gangs and more. All of them will find inspiration in the examples of the Arab Spring, Occupy Wall Street and Wikileaks.

Cyberspace will get physical. The Stuxnet computer worm that destroyed a number of uranium enriching centrifuges in Iran in 2010 was an early example of this trend, Durbin says. The ISF believes the increasing convergence of cyber and physical will lead to more attacks on physical systems, from attempts to turn off lights and climate control systems to disrupting manufacturing systems.

To prepare for these threats, the ISF recommends that organizations ensure that standard security measures are in place, and that they develop cyber resilience by establishing a cyber security governance function, timely attack intelligence gathering and sharing, a resilience assessment and adjustment capacity and a comprehensive response plan.

Regulatory Threats

Malicious outsiders aren't the only things organizations should be worrying about. The regulatory environment also bears watching. ISF predictions include the following:

New requirements will expose weaknesses. The move toward transparency in security disclosures will publicize weaknesses. The ISF says organizations forced to report security risks may have as much to fear from customers and business partners as from hackers and regulators.

A focus on privacy may be a distraction from other security efforts. New privacy requirements demanded by consumers, business customers and regulators will impose a heavy compliance burden, the ISF says. Organizations will have to decide whether to invest in the necessary security and legal controls, outsource or leave certain markets altogether. The ISF notes organizations will also have to consider the message their actions send to customers.

To prepare for these threats, the ISF says organizations should amend their data protection frameworks and information management procedures to reflect legislative changes and review new requirements in detail to align privacy-related controls with other controls. The ISF also recommends joining and participating in industry and other associations to assess and influence policy.

Internal Security Threats

There are also internal issues to consider, both as a legacy of under-investment during the economic downturn and the blistering pace of technology evolution. The ISF predicts the following:

Cost pressures will stifle security investment, harming the information security function's capability to keep up. Even organizations that are once again investing in information security can't correct a history of under-investment overnight. But cybercriminals have continued to invest in their capabilities throughout the downturn, and organizations can expect that it will be easier and less expensive for criminals to acquire the technology and services they need to perpetrate their crimes.

Clouded understanding will lead to an outsourced mess. The ISF believes that continuing cost pressure will lead to a new digital divide that separates businesses into organizations that understand the marriage between IT and information security and organizations that don't. It predicts leading organizations will appreciate the strategic value of channels, systems and information and will invest in those areas. Organizations that don't get it will suffer competitive disadvantage and heightened risk of damaging incidents.

New technologies will overwhelm. The ISF expects organizations to continue to rapidly adopt new technology. Along with the business benefits of doing so will come new vulnerabilities and methods of attack. Organizations must understand their dependence on technology or suffer a nasty surprise.

The supply chain will spring a leak as the inside threat comes from outside. The ISF notes that a modern organization's data is spread across many parties, leaving their data vulnerable to incidents that affect their suppliers. The ISF says these risks will increase as organizations further digitize their supply chains, outsource additional functions and rely on external advisors.

To prepare for these threats, the ISF recommends security professionals help senior management understand the value of information security. Organizations should adopt information security governance and integrate it with other risk and governance efforts within the organization. Businesses also need to understand their risk appetite and ensure the value of continuous security investment meets the business need and is adequate and well spent.

Finally, enterprises also need someone to take ownership of coordinating the contracting and provisioning of business relationships, including outsourcers, offshorers, supply chain and cloud providers.
