Posts Tagged ‘security’

The proliferation of social networking and the acceleration of personal devices for corporate use can be a boon for remote workers. Unfortunately, this increase in systems and cross-platform networks can also be a huge opportunity for cybercriminals looking to launch targeted attacks.

In 2012, the sophistication of mobile malware intensified, damaging individuals, businesses and governments alike, revealing one of the year’s top security trends: that the traditional combination of username and password is not a strong enough security barrier.

With this in mind, the following security experts share their thoughts on why more secure authentication methods are needed in 2013:

“The fact is that passwords, as a security technology, are reaching the end of their useful life. Moving to a world where alternative authentication systems are the norm is incredibly difficult, and as a consequence we are entering into a period of time when we are going to have to continue to rely on a security control that doesn’t work. Encouraging users to pick longer passphrases, and proactively auditing networks for weak passwords are steps that can be helpful during this time. Increasingly, we are going to see attackers entering networks with legitimate access credentials without ever having to fire an exploit that would trigger an intrusion detection system. We need to be prepared for this type of attack activity.” – Tom Cross, director of security research at Lancope

“Nine out of 10 intrusions involved compromised identities or authentication systems, so enterprises need to make sure they have a sound process for creating, managing and monitoring user accounts and credentials for all of their systems, devices and networks.” – Wade Baker, Verizon RISK Team

“The password-only security model is dead. Here’s why: Easily downloadable tools today can be used to crack a simple four- or five-character password in only a few minutes… Next year, we are likely to see an increase in businesses implementing some form of two-factor authentication for their employees and customers. This will consist of a Web-based login that will require a user password along with a secondary password that will either arrive through a user’s mobile device or a standalone security token. While it is true the recently discovered botnet Zitmo cracked two-factor authentication on Android devices and RSA’s SecurID security token (hacked in 2011), this type of one-two punch is still the most effective method for securing online activities.” – FortiGuard Labs’ 2013 threat predictions, Fortinet

What do you think? Will authentication attacks, including stolen usernames and passwords, continue to plague network security?

CNET – Four security trends defined 2012, will impact 2013
eWeek – BYOD, Social Media Among Top Security Threats of 2013
CSO – The week in security: Attacks continue; are you ready for 2013?
IT Business Edge – How to Approach Mobile Security in 2013

*Editor’s Note: This column originally appeared in TechTarget’s

Question: Remote workers in my company access application stores through their mobile devices. How can I ensure app store security for my users?

The best approach is to deploy a mobile device management system that can block access to public application stores and enforce a whitelist of allowed applications. Depending on the number of mobile devices and the application requirements, it is best to operate a company-owned application store. This has many advantages and offers the best control overall.

Editor’s Note: Part one of this two-part series ran last week. 

By Nicholas Greene

Why are VPNs implemented? One word: mobility. Constant connectivity, ease of communication, increased efficiency and increased productivity are not only crucial for corporate environments, but for government organizations, as well. The ability to access government records across offices, provide live updates on city maintenance, or quickly coordinate emergency services are just a few reasons why remote access is a critical consideration for any branch of government, and the increased efficiency offered by a VPN solution means that government employees can accomplish more in less time. That mobile VPNs allow applications to persist through periods of disconnection only strengthens their position.

Yet another feature of VPNs that makes them indispensable to governments is the degree of scalability they enable for deployments. A VPN solution can, for example, allow communication between a number of different branches and locations. As such, the deployment of the technology at various locations is simpler, and far more cost-effective to boot. Again, this is a feature that’s especially important for a governmental organization.

Overall, it should be plain to see why, if you’re an official at any level of government, a VPN isn’t simply important — it’s absolutely vital.

eWeek – Security Issues Pose Hurdles for BYOD Migration: Gartner
Government Computing News – 10 predictions for government IT in 2013
Network World – Apple iOS vs. Google Android: It comes down to security
Wall Street & Technology – 10 Financial Services Cyber Security Trends for 2013