Whose priorities do IT departments really care about?

A survey of IT managers shows that business risk and customer security are not their greatest concerns

Earlier this week mobile security company Imation showed off their latest range of Ironkey encrypted USB sticks and portable hard drives.

Accompanying the launch was a presentation from Stollznow Research on how Australian companies are managing data with a comparison against similar surveys carried out in the UK, US, Canada and Germany.

Of the 207 senior decision makers in Australian medium to large businesses surveyed, there were some interesting results on the attitudes of the nation’s IT departments and CIOs.

In the field of confidence about the security of their networks, Australian IT managers came out a lot more paranoid than their foreign counterparts with only 38% of Aussies confident their office data is protected from loss or theft against 73% overseas.

That result is encouraging, as the internet and the world of IT security have a habit of severely punishing those with a false sense of security.

What was particularly notable though with the Imation research was what IT managers considered to be the consequences of a security breach.

Around the world, IT managers see the headache of cleaning up the mess and bad media coverage as being the biggest consequences of a data breach. Customers come fourth in priority and even then the only concern is losing clients rather than the effects it could have on those people’s lives.

One of the tragedies of the continued Sony data breaches in 2011 was the leaking of credit card details. Many of those customers on pre-paid cards were young or low-paid workers who quite possibly lost all the money in their compromised accounts – debit cards don’t have the same protections against fraud as credit cards.

Even more terrible are the effects on those who become victims of identity fraud as a consequence of a data breach. Letting that sort of information out is a fundamental betrayal of trust by organisations with sloppy security.

Interestingly, over a third of respondents feared losing their jobs as a result of data being breached; in a perfect world it would be higher, although we don’t live in a period where those accountable take responsibility for their actions.

What’s more likely in many smaller businesses is that a data breach could cause the entire organisation to fold, something that should worry anyone running a startup or small business.

It may be true that many CIOs and IT managers aren’t too worried about the business effects of a data breach or system outage, which shows that security – both physical and digital – is the job of everyone in an organisation, not just one department or executive.

Disrupting the GPS network

Spoofing GPS signals presents a real risk to many industries and businesses.

Another day, another technology security issue – this time The Economist reports the Global Positioning System can easily be hacked to alter the courses and positions of vehicles and equipment, something proved by University of Texas researchers taking control of a super yacht by setting up a false GPS signal.

Given the importance of the GPS, this is a significant problem. There’s no end of mischief that malicious individuals could get up to by distorting the signals in their neighbourhoods.

One idea that immediately came to mind on reading the story was how a cunning restaurant owner could make all the GPS units in the neighbourhood think they are sitting outside his business. Anybody using a smartphone app would think the nearest eating place was his; it would also fool systems like Local Measure that use geotagging as part of their service.

The risks, though, are greater than sneaky restaurant owners; the University of Texas researchers showed how a 65m, $80 million ship can be tricked into sailing off course by ‘spoofing’ the real GPS signal.

With everything from emergency services’ tracking systems to smartphones and dog collars relying on GPS, the risks are huge.

It’s another reason why we need robust systems along with the critical thinking skills to know when the computer is wrong.

Security by obscurity’s false promise

Suppressing public knowledge of security flaws is not the way to fix a software problem.

Yesterday’s post looked at how security needs to be a fundamental part of connected systems like cars and home automation. An article in The Guardian shows how auto manufacturers are struggling with the challenge of making their products secure.

In the UK, Volkswagen has obtained an injunction restraining a University of Birmingham researcher from divulging security weaknesses in Porsche, Bentley, Lamborghini and Audi cars.

It is a mark of desperation when a company has to go to court to suppress the details of a software security breach; doing so almost guarantees the bad guys will have the virtual keys while the general public remains ignorant.

Over time it backfires on the company as customers realise their products aren’t secure or safe.

The real problem for Volkswagen is a poor implementation of their security systems. It was inevitable that a master code would leak out of repair shops and dealerships.

While the law is a useful tool, it isn’t the best way to fix software security problems.

Our hackable lives – why IT security matters.

Now our cars, homes and security systems are hackable we have to start taking IT security seriously.

Two stories this week illustrate the security risks of having a connected lifestyle. Forbes magazine tells in separate pieces how modern car systems can be overridden and how smarthomes can be hacked.

Smarthome system security is a particular interest of mine; for a while I was involved in a home automation business, but I found the industry’s cavalier attitude towards keeping clients’ systems secure was unacceptable.

The real concern with all of these stories is how designers and suppliers aren’t taking security seriously. In trading customer safety for convenience, they create serious safety risks for those using these systems. It’s as if nothing has been learned from the Stuxnet worm.

A decade ago, a joke went around about what if General Motors made cars like Microsoft designed Windows. Like all good stories, it had a lot of truth to it. Basically, the software industry doesn’t do security particularly well; there are developers and vendors who treat security as a basic foundation for their work, but they are the exception rather than the rule.

That may well be a generational thing as today’s young developers and future managers are more aware of the risks of substandard security in the age of the internet.

Rather than seeing security as something that is bolted on to a product when problems arise, this generation of coders are having to treat security as one of the fundamental foundations of a new system.

What is clear, though, is that the builders of critical systems are going to have to take security far more seriously as embedded computers connected to the internet of machines become commonplace in our lives.

Blocking the bad guys – listeners’ questions from ABC Nightlife

Answers to listeners’ questions on Tony Delroy’s ABC Nightlife tech spot.

Last night’s ABC Nightlife looked at how email is evolving, but most of our callers were concerned with configuring their email, anti-virus programs and blocking adverts on the web.

The audio of the program is available through the ABC website.

As usual, it’s tough to answer all the questions on live radio, so here are the ones from listeners that Tony and I said we’d get back to.

Ad blockers

Website owners are desperately trying to find ways to make money from their sites. Unfortunately it’s proving difficult, so we’re seeing increasingly intrusive ads trying to distract us while we surf the web.

A number of Tony’s callers asked about adblocking programs to get rid of these irritating ads, and there are a few paid and free solutions available for computer users.

The most popular solution is Adblock, a plug-in available for Firefox, Chrome, Opera and Android. The developers have a handy video guide to installing and configuring their product.

For Internet Explorer users, Simple Adblock is a plug-in that should work with their browser.

Be aware that ad blocking programs may change the layout of the sites you visit, so be prepared for some strange looking pages.

Also keep in mind that website owners are desperately trying to find ways to pay the bills, so you won’t stop the more cunning ads or sponsored content that pretends to be real news. You might also put a few online media sites out of business.

Anti-Virus programs

One common question from Nightlife listeners is what anti-virus programs they should use.

Probably the simplest for Windows users is Microsoft Security Essentials or the free AVG Anti-Virus. For OS X users, Clam AV and Sophos’ Free Anti Virus for Mac will do the job.

If you have Norton or McAfee anti-virus programs on your Windows PC, then getting rid of the software is not straightforward. After uninstalling the software, you’ll have to run their removal tools, which are available from the Symantec (Norton) or McAfee websites. Read the instructions carefully.

Switching to Hotmail

A curious thing about Microsoft is how they like to irritate loyal customers with interface changes that leave everyone confused. Hotmail users are among the latest victims after the company migrated them to the Outlook.com platform.

Deborah called in to ask how she could switch back to Hotmail from Outlook.com – sadly the official line from Microsoft is “you can’t”. It appears that all of the workarounds to get Hotmail back have also been closed down and the old service is no more.

For Deborah, the choice is to either get used to Outlook.com or investigate other online mail services like Gmail or Yahoo!.

The next ABC Nightlife will be on in around five weeks. Hope you can join us then.

Trust and the cloud

The continued stream of security revelations may shake customer confidence in cloud computing.

The revelations of how the US tech industry has entwined itself with US spy agencies continue with The Guardian reporting that Microsoft gave the NSA access to their encryption services.

For Microsoft this is very embarrassing as the company has always strongly emphasized their security; that US government agencies turn out to have the keys to those systems will worry many foreign governments and businesses.

Like everything in business, cloud computing services require trust and this continual stream of revelations will shake the trust of many customers.

It may well be that the NSA revelations will boost the fortunes of non-US companies; Swiss companies are already reporting soaring sales since the leaks began, and other nations may also profit from the suspicions.

While cloud computing isn’t going away, many people will be thinking seriously about the services they use and whether they can trust them.

Securing the security system

The hacking of a Google building management system shows how important it is to take security seriously.

How vulnerable building management systems can be hit me ten years ago when working at an expensive Sydney harbourfront home.

The householder – a rich banker – had spent millions on physical security to insulate his family from the outside world. Yet anybody could dial in and monitor what was happening in the house through the building’s CCTV and management systems.

Not only were the building’s CCTV and management systems open to the net, but the system’s server ran on an antiquated and unsecured version of Windows 2000 that shared the home network with a couple of enthusiastically downloading teenagers.

It was a matter of time, perhaps hours, before the system was compromised with a worm or virus. The security implications were enormous.

Even the banker’s business was vulnerable as a targeted hack into the home would allow people to monitor traffic on the network and intercept work related messages.

What was really shocking however was how the system vendor and integrator who’d installed it simply didn’t care about the client’s security problems.

So the news that the BMS of one of Google’s Sydney offices is exposed to the net shouldn’t be a surprise. Building Management Systems, as we saw with the rich banker’s house, are notorious for their poor security.

For Google this security breach is embarrassing, although the responsibility for this flaw lies firmly with the building owner, who should have made sure their systems are locked down and properly secured. You can’t throw this problem over the fence.

One wonders just how widespread these problems are with other industrial systems like SCADA devices and other remotely operated equipment.

Internet connected systems have been around now for twenty years; there are no longer any excuses for not taking these issues seriously.

Image courtesy of Tacluda through RGBStock
