Security Events in IT World 12-06-2017

1.Thousands of Firms Fail to Update Software on Most Computers : Out of 35,000 companies from more than 20 industries across the world showed that many of them are at risk of suffering a data breach due to their failure to ensure that the software running on their computers is up to date.

2. Outdated OSs and browsers in each sector : It takes most companies, on average, more than a month to update to the latest version of macOS Sierra. Researchers found that in late March, over two months after version 10.12.3 was released, roughly 40 percent of firms had still been using an older version. In the case of Windows, more than 60 percent of analyzed PCs were running Windows 7 or earlier, including XP and Vista, which no longer receive updates from Microsoft.

3. Can We Ever be Prepared for the Next WannaCry? – The recent WannaCry ransomware outbreak is yet another wake-up call. Humans alone can no longer be expected to manually respond to brazen, fast-spreading cyber-attacks that strike without warning and routinely bypass porous network borders. The early indicators of the attack were evident, but it spread too quickly for human security teams to react before it spread across the world like wildfire.

4. User Security is a Responsibility, Not an Excuse – In the majority of successful breaches, the common entry point typically is a user. But another reason is that despite all the security tools and policies IT departments have in place, users will always be a wildcard — the one thing they can never fully control.

5. Mobile App Back-End Servers, Databases at Risk- Mobile app developer’s casual use of back-end technology without security-hardening puts unsuspecting enterprises at grave risk of exposure. Mobile application developers are putting enterprise data at risk by failing to secure the back-end servers and databases that feed their apps with data.

6. Man Admits Hacking into His Former Employer’s Network – Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer’s networks to gain an edge over his rival. This happened for nearly a two-year period and pilfering proprietary business information worth roughly $425,000.

7. Engineer Arrested for Attempted Theft of Trade Secrets – A Software engineer been arrested for trying to steal valuable code from his employer, a financial services firm. The FBI has announced the arrest of software engineer who was taken into custody for allegedly trying to steal valuable computer code from the financial services organization where he worked. He has been charged with one count of attempted theft of trade secrets, which carries a maximum sentence of 10 years in prison and maximum fine of $250,000, or twice the gross gain or loss from his crime.

8. 95% of Organizations Have Employees Seeking to Bypass Security Controls – The insider threat issue is well-understood and something that countless surveys have shown poses almost as big a risk to enterprise data security as external attackers. The report is based on an analysis of risk assessments conducted by a sample of its customer base. A stunning 95% of the assessments showed employees to be engaged in activities designed to bypass security and web-browsing restrictions at their organizations.

9. Computer Engineer Charged with Theft of Proprietary Computer Code – Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm. Zhang of California has been arrested and charged by a US federal court with stealing trade secrets from his employer, a New York financial services firm. A US Department of Justice (DoJ) release says that between March 2016 and March 2017, Zhang stole over three million files of confidential data and computer code.

10. ‘Insider Sabotage’ among Top 3 Threats CISOs Can’t yet Handle – Five steps can help your organizations limit the risks from disgruntled employees and user errors. Although insider sabotage is among the top three security threats companies face, 35% of chief information security officers still lack the best practices to handle it properly.

Here are five steps CISOs can take to avoid insider sabotage:

A) Enforce a strict information security policy, and run regular training sessions with employees to prevent malware infection of company networks.
B) Immediately revoke all access and suspend certificates for former employees to prevent them from leaving the company with backups and confidential data, or from making administrative changes before leaving the company.
C) Keep a close eye on internal systems and processes, and set up notifications for any changes that should occur.
D) Implement role-based access control to restrict access to unauthorized employees.
E) Never rely solely on usernames and passwords to safeguard confidential company data. Instead, implement multiple authentication methods such as two-factor, two-person or even biometric authentication.

11. How Cyber security is not luxury anymore – WanaCryptOr 2.0 has become a global sensation overnight thanks to its potency and reach, making it the biggest ransomware attack. It has breached personal and network computers in more than 150 countries, and this is surely the best indicator that the time is now for governments, organisations and citizens to give cyber security prime importance. Network infrastructure is the underlying foundation of every nation and we must do all that we can to preserve it.

12. India’s internet users to reach 829 million by 2021 – The digital transformation will continue to drive IP traffic in India with the projected increase in internet users from 373 million in 2016 to 829 million or 59 percent of the Indian population in 2021.Witnessing a burgeoning rise in usage of mobile applications and connectivity by end users. The need for optimized network automation, e2e security and ultimately network monetization through cost-efficient data protection is the need of the hour.