Tag Archives: information security

Immediate Vault Immediate Access

Engaged Boards Lead to Better Information Security Practices

Posted on by

Board of Directors

According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement and understanding of IT risks at the board level has increased, yet one in five boards still have a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, it is not a dramatic distinction.

Overall engagement data

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

IT Security Measures

The study did find two particularly alarming trends, both in companies with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan to address data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”

 

What Motivates Hackers?

Posted on by

At Black Hat USA 2014, the preeminent global information security conference for self-identified “black hat” hackers, IT security firm Thycotic surveyed 127 participants to determine what makes hackers tick. “Understanding why hackers do what they do is the first step toward better protecting your sensitive data from unsanctioned access,” the firm explained.

buy strattera online orthosummit.com/wp-content/uploads/2023/10/jpg/strattera.html no prescription pharmacy

Most are motivated by thrill, Thycotic found, and profoundly few are worried about getting caught. What’s more, despite extensive media coverage, companies’ internal education efforts and all the security measures implemented by IT departments, 99% of hackers report that basic tactics like phishing are still effective.

buy rybelsus online orthosummit.com/wp-content/uploads/2023/10/jpg/rybelsus.html no prescription pharmacy

And almost half of them are working on more sophisticated approaches.

buy zestril online orthosummit.com/wp-content/uploads/2023/10/jpg/zestril.html no prescription pharmacy

Check out the highlights from the firm’s Black Hat 2014 Survey:

Thycotic Hacker Infographic

New Studies Highlight Sources, Patterns of Data Breach—And How to Do Better

Posted on by

Three recent studies provide a great reminder of the threats of data breach—and the role workers and IT departments play in either maintaining a company’s defense or letting malware storm the gates.

In its 2014 Data Breach Investigations Report, Verizon identified nine patterns that were responsible for 92% of the confirmed data breaches in 2013. These include: point of sale intrusions, web application attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service attacks, and cyber-espionage. They have also identified the breakdown of these patterns in various industries, highlighting some of the greatest sources of cyber risk for your business:

Verizon Data Breach Investigations Report

Verizon’s report also offers specific information about the patterns and advice on how to respond to them.

Many sources of vulnerability come from within, and there is less variation than you might expect in terms of who the riskiest workers may be.

buy atarax online www.handrehab.us/images/patterns/jpg/atarax.html no prescription pharmacy

A survey by the Pew Research Center found that 18% of adults have had important personal information stolen online, including Social Security number, credit card, or bank account information—an 8% increase from just six months ago. Further, 21% of adults who use the internet have had an email or social networking account compromised. Two groups that make up a large part of the workforce were hit particularly hard during this period: young adults and baby boomers. The percentage of individuals in these groups who had personal information stolen online doubled between July 2013 and January 2014.

buy symbicort online www.handrehab.us/images/patterns/jpg/symbicort.html no prescription pharmacy

stolen personal data by age

But as this chart shows, all age ranges have experienced a significant amount of data theft as of the beginning of the year.

Indeed, according to meetings-software company TeamViewer, 92% of IT administrators have seen troublesome habits among office workers using company computers. These risky behaviors are frequently known to open the work system to viruses or other malware, including:

  • Browsing social media websites (reported by 82% of IT admins)
  • Opening inappropriate email attachments (57%)
  • Downloading games (52%)
  • Plugging in unauthorized USB devices (51%)
  • Plugging in unauthorized personal devices (50%)
  • Illegal downloads, such as pirated movies, music or software (45%)
  • Looking for other jobs (39%)

Further, nine out of 10 IT administrators reported witnessing problems to company equipment because of these actions, including viruses (77%), slow computers (74%), crashed computers (55%), mass popups (48%) and inability to open email (33%). Not only do these behaviors leave corporate infrastructure at risk, but they may endanger the overall HR program, as a vast proportion of IT workers report feeling frustrated, angry and discouraged.

buy xenical online www.handrehab.us/images/patterns/jpg/xenical.html no prescription pharmacy

Up to 12% even said that they were considering quitting over these bad behaviors and increased strain on the IT department.

So what can you do? Administrators agreed that better security software, using remote access to fix problems, installing disk cleanup software, integrating automatic backup solutions, and offering the ability to telecommute would all help mitigate these issues and make their jobs easier.