Latest Knowledgebase News

Cybercrime is now the domain of organised gangs
posted on 07/03/2008

The past few years has seen a major change in the world of cybercrime. Just 4 or 5 years ago, cybercriminals were mostly young male nerds who did it for fun or experimentation. They weren’t out to profit from their endeavours. They simply wanted to impress their peers. They didn’t want to steal money or cause major disruption. But the golden age of hackers and cybercriminals has passed. Today, e-crime is the domain of organised gangs, often from eastern Europe or China. They have just one motive. Now it’s all about making money. The main targets of today’s hackers are e-commerce web sites and the customer databases behind them. Databases that hold credit card numbers, expiry dates, PINs, addresses, and everything else that’s needed to empty a victim’s bank account. Their operations are so slick that stolen data is exploited within seconds of it being submitted by unwitting victims. The big growth area in e-commerce right now is in the use of web-based applications to replace... [more]

Traditional tokens or smartcards are not a universal security solution
posted on 13/02/2008

Many organisations have long recognised that relying solely on usernames and passwords to control access to confidential systems and information is outdated and misguided. But the search for stronger, more proven methods of authentication has, to date, brought with it as many problems as it has solved. Being the most basic, usernames and passwords remain the default level of user authentication – the ‘something you know.’ Adding ‘something you have’ such as a token or smart card has been the traditional second layer in two-factor authentication, while ‘something you are,’ the fundamental principal behind biometric technologies, provides an additional, third level. However, each extra layer of security adds new levels of complexity, set-up time, administration and management to the process. And, since the token or smartcard is currently more accurate than the most affordable biometrics systems, it remains the most popular choice for backing up usernames, PINs and passwords. T... [more]

Protect critical information: think beyond the hacker
posted on 07/01/2008

This year’s Gartner report states that IT security over-protects the wrong assets, over-reacts to the unexpected and over-spends. Security 3.0 is here; a clearer eyed approach to risk management that applies resources appropriately and moves away from the ‘bolting on’ that’s ruled our approach to security for too long. Businesses and the UK Government really need to start asking themselves where the real IT security threats lie. Repeatedly we hear of threats relating to people hacking into networks and Hollywood reinforces this fear - just look at the latest Die Hard movie. Of course, it is important to focus our attention on the issue of network hacking, but this is not the complete picture in the security world. The reality is that hacking is a complex process and requires intricate timing. After all, how great is the chance of a hacker intercepting information at the very time you are sending it over the internet? And how likely is it he or she will know what network and location ... [more]

Virtualisation: Why existing security measures are no longer enough
posted on 03/01/2008

Although virtualisation is not a new concept its present implementations are changing the face of corporate IT, through the reduction of the number of physical servers, the consolidation of rack space and the cutting of energy costs. Virtualisation allows the Virtual Machines (or VMs) running the applications to be divorced from their physical environment. A VM provides an isolated ‘sandbox’ for running applications, with Hypervisor processes managing multiple VMs on each physical machine. This separation of functionality from physical location allows superior management and a pooling of resources with the ability to meet workload on demand. Virtualisation technology is not just applicable to server applications within a data centre it applies across the enterprise be it within storage, security, the network or at the desktop. The use of virtualisation technologies however causes the complexity of computing environments to mushroom and as we all know additional complexity breeds insec... [more]

Five security truths to protect your critical systems
posted on 21/12/2007

Anyone who tells you that your IT network is “100% secure” is either a fool, or greatly mistaken. Security is a moving target, and unfortunately, this target is being manipulated by the bad guys. With 2007 almost behind us, I reflect on the struggle enterprises and governments face in cyber security. This is not a holiday wish list, or resolutions for 2008, but read through these 5 notions and I can guarantee: you will wonder if you are doing all you can to protect your critical systems. 1. Forget the rearview mirror: The bad guys are ahead of you 2. Leave the lights on – always 3. Don’t forget the boiling oil! 4. Your mom was right: change your underwear, often 5. Don’t let vendors put you in their box Forget the rearview mirror: The bad guys are ahead of you You may not know the intent of those attacking your systems; however what you should know is that they probably know more than you. The security industry does not innovate; we simply chase behind the true innovato... [more]

Other Security news and resources