@Risk

News last week that a NASA computer stolen in March 2011 contained unencrypted codes used to command and control the International Space Station has put the spotlight, once again, on the issue of cyber security.

Are C-suite execs paying attention?

Unfortunately, new research suggests they’re not.

The advanced findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveal that the issue is still not getting adequate attention at the top.

Sponsored by RSA, The Security Division of EMC, the survey results show that even though there are some improvements in key “regular” board governance practices formation of board Risk Committees and cross-organizational teams within certain organizations, significant areas of concern remain. For instance:

• Oversight is lacking. Boards and senior management are not engaging in key oversight activities, such as setting top-level policies and reviews of privacy and security budgets to help protect against breaches and mitigate financial losses.
• Most boards aren’t taking responsibility. Less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
• Lack of personnel is a concern. Nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles.
• Insurance coverage needs updating. More than half (58 percent) of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.

What can you do to help remedy the situation at your company?  RSA suggests you: (more…)

Secure Socket Layers (SSL) certificates are an essential component of secure online transactions, and yet most (54 percent) of the 174 IT and information-security pros recently surveyed by Venafi admitted they have an inaccurate or incomplete inventory of their SSL certificate populations.

As Venafi points out, deploying encryption solutions without maintaining comprehensive certificate and key inventories is a worst practice that jeopardizes vital business systems and processes, while exposing organizations to substantial risk of security and compliance incidents.

But, hold on. The story gets even worse. The survey results also showed that: (more…)

Many employees now use mobile devices to access their company’s network. But, what happens if those devices are lost, stolen or resold to others outside the company? Could sensitive data be compromised?

The risks may be greater than you think.

Earlier this month, Motorola announced that approximately 100 out of a batch of 6,200 Xoom tablets that were refurbished by Motorola Mobility may not have been completely cleared of the original owner’s data prior to resale. An earlier analysis found that more than half of 50 mobile phones purchased from second-hand resellers on eBay contained personal data left over from their original owners.

New research from Mobilisafe, a Seattle-based mobile security company, reveals just how widespread employee mobile device use is and how little oversight IT departments are exercising –particularly at resource-constrained small and midsized businesses (SMBs).

For the study, employees at SMBs agreed to help evaluate a product that provides visibility to all mobile devices accessing their company’s network. Then, over the course of three months, Mobilisafe mapped more than 38 million employee mobile device connections, providing key data for its analysis. The interim results from the beta trial showed that: (more…)

Over the next few decades, US water resources are likely to be severely strained by the combined impacts of population growth, increases in power generation and climate change.

In fact, more than one in three of the 3,100+ counties in the US could face a “high” or “extreme” risk of water shortages by the middle of the 21st century, according to a new study in ACS’s Journal of Environmental Science & Technology.

The research also found that seven out of ten of the US counties could face “some” risk of shortages of fresh water for drinking, farming and other uses.

The study, Projecting Water Withdrawal and Supply for Future Decades in the U.S. under Climate Change Scenarios,  features a “water supply sustainability risk index” that includes water withdrawal, projected growth, susceptibility to drought, projected climate change and other factors in individual US counties for the year 2050. It also takes into account renewable water supply through precipitation using the most recent downscaled climate change projections and estimates future withdrawals for various human uses.

By using this water index, the research team was able to conclude that climate change could foster an “extreme” risk of water shortages that may develop in 412 counties in southern and southwestern states, as well as in southern Great Plains states. (more…)

The results are clear: Private companies in the US are focused on growth.

PwC’s latest Private Company Trendsetter Barometer found that more than three-fourths (78 percent) of the 250 CEOs polled expect positive growth over the next 12 months. About four out of ten (43 percent) anticipate single-digit growth, and more than one-third (35 percent) are projecting double-digit growth.

Overall, these results indicate the rate of expected growth for Trendsetter companies has risen 18 percent.

Hiring projections for the next 12 months are on the upswing, too.

More than half (54 percent) of the CEOs responding said they intend to add to their workforce over the next  year –that’s up from 48 percent the prior quarter. Just 3 percent believe they’ll reduce headcount, with an overall 2.0 percent increase projected for private companies’ composite workforce.

PwC looked specifically at export revenue and found that internationally active Trendsetter companies forecast a 9.6 percent revenue growth rate over the next year. (more…)