@Risk

Focused on supplier risk issues for business leaders

Federal Agencies at Risk From Dependence on Global IT Supply Chain

March 28, 2012

To carry out their operations, federal agencies often rely on IT components manufactured overseas. A new report from the Government Accountability Office (GAO) warns that this growing dependence on a global IT supply chain introduces multiple risks to sensitive federal information systems.

For example, the report says federal agencies are vulnerable to:

  • Installation of hardware or software containing malicious logic
  • Installation of counterfeit hardware or software
  • Failure or disruption in the production or distribution of a critical product or service
  • Reliance on a malicious or unqualified service provider for the performance of technical services
  • Installation of hardware or software containing unintentional vulnerabilities (more…)

Food and Beverage Industry Most at Risk for Cyber Attack

March 23, 2012

Any business is vulnerable to a data breach. However, for the second year in a row, the information security firm Trustwave has found companies in the food and beverage industry are the most at risk from cybercriminals.

Why? According to the newly released Trustwave 2012 Global Security Report, industries with franchise and chain-store models are top targets primarily because franchises often use the same IT systems across stores. Once cybercriminals compromise a system in one location, they can likely duplicate the attack in multiple locations. In fact, more than one-third of Trustwave SpiderLabs 2011 investigations involved a franchise business, and the report predicts this number will rise in 2012.

Here are a few more key findings from the 2012 report: (more…)

Is Social Media to Blame for a 13 Percent Increase in Identity Fraud in 2011?

March 09, 2012

Identity fraud jumped by 13 percent in 2011, and that increase may be the result of consumers’ social media and mobile behaviors.

For the past nine years, Javelin Strategy & Research has conducted an annual analysis of identity fraud trends, and for the first time, the 2011 study examined social media and mobile phone behaviors, ultimately uncovering certain related consumer practices that appear to increase risks.

Here are some of the key findings in more detail:

  • The overall number of identity fraud cases is up, but the dollar amount held steady. Javelin found that more than 11.6 million adults became victims of identity fraud in the US last year, although the total dollar amount stolen remained constant. (Javelin defines “identity fraud” as the unauthorized use of another person’s personal information to achieve illicit financial gain.)
  • Social behaviors are risky. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation. What’s the risk? Javelin found that consumers frequently share significant amounts of the personal information commonly used to authenticate identity. For example: (more…)

Corporate Boards Still Not Paying Attention to Cyber Risk

March 05, 2012

News last week that a NASA computer stolen in March 2011 contained unencrypted codes used to command and control the International Space Station has put the spotlight, once again, on the issue of cyber security.

Are C-suite execs paying attention?

Unfortunately, new research suggests they’re not.

The advance findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveal that the issue is still not getting adequate attention at the top.

Sponsored by RSA, The Security Division of EMC, the survey results show that even though there are some improvements in key “regular” board governance practices, such as the formation of board Risk Committees and cross-organizational teams within certain organizations, significant areas of concern remain. For instance:

  • Oversight is lacking. Boards and senior management are not engaging in key oversight activities, such as setting top-level policies and reviews of privacy and security budgets to help protect against breaches and mitigate financial losses.
  • Most boards aren’t taking responsibility. Less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
  • Lack of personnel is a concern. Nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles.
  • Insurance coverage needs updating. More than half (58 percent) of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.

What can you do to help remedy the situation at your company?  RSA suggests you: (more…)

Survey Reveals Startling Lack of Control Over SSL Certificate Populations

March 02, 2012

Secure Sockets Layer (SSL) certificates are an essential component of secure online transactions, and yet most (54 percent) of the 174 IT and information-security pros recently surveyed by Venafi admitted they have an inaccurate or incomplete inventory of their SSL certificate populations.

As Venafi points out, deploying encryption solutions without maintaining comprehensive certificate and key inventories is a worst practice that jeopardizes vital business systems and processes, while exposing organizations to substantial risk of security and compliance incidents.

But, hold on. The story gets even worse. The survey results also showed that: (more…)
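The inventory gap Venafi describes is easy to start closing with the tooling most teams already have. The script below is an added example, not part of the original post and not Venafi's code: it assumes only that the openssl CLI is on PATH, generates three self-signed certificates as constructed test data (the hostnames are made up), and then builds a one-line-per-certificate inventory with a status column. The 30-day expiry window and the 2048-bit minimum key size are the example's own thresholds, not figures from the survey; the inventory function works unchanged on any directory of PEM certificates copied from servers.

```shell
# Certificate inventory demo (added example; not from the original post or Venafi).
# Assumes: openssl on PATH. Certificates below are constructed test data.

set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME BITS DAYS: write a self-signed RSA certificate NAME.pem into $WORK.
make_cert() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days "$3" -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# cert_status FILE: classify one certificate.
#   EXPIRED   notAfter is already in the past
#   EXPIRING  expires within 30 days (2592000 s) -- example threshold
#   WEAK_KEY  public key shorter than 2048 bits   -- example threshold
#   OK        none of the above
cert_status() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo EXPIRED; return
    fi
    if ! openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null; then
        echo EXPIRING; return
    fi
    bits=$(openssl x509 -in "$1" -noout -text \
           | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt 2048 ]; then
        echo WEAK_KEY; return
    fi
    echo OK
}

# inventory DIR: one record per certificate: sha256 fingerprint|CN|notAfter|status
inventory() {
    for f in "$1"/*.pem; do
        fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -d= -f2)
        cn=$(openssl x509 -in "$f" -noout -subject | sed 's/.*CN *= *//')
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        printf '%s|%s|%s|%s\n' "$fp" "$cn" "$end" "$(cert_status "$f")"
    done
}

# Constructed population: one healthy cert, one with a 1024-bit key, one expiring tomorrow.
make_cert www.example.test 2048 365
make_cert legacy.example.test 1024 365
make_cert soon.example.test 2048 1

inventory "$WORK"
```

Keying the records on the SHA-256 fingerprint rather than the file name is deliberate: the same certificate is typically deployed on several hosts and load balancers, and the fingerprint is what lets you collapse those copies into one tracked object with one owner and one renewal date.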