New Technologies = New Threats

April 27, 2011

Yesterday, eIQnetworks hosted a lunch-and-learn in Charlotte, NC, entitled “New Technologies, New Threats: The Changing Landscape of Security Management”.  Our keynote speaker, John Walsh, is President and Principal Consultant with SPB Secure Solutions, LLC; he is also a former Naval Intelligence Officer and a former CISO at two Fortune 500 companies.

John’s presentation was extremely valuable for the 25+ C-level security executives in attendance.  Some of his key points included:

  • Web 2.0 Threats.  In the world of Web 2.0, where technologies such as AJAX, mash-ups, and multiple targeted platforms are an everyday reality, the need for secure coding practices is acute.  From cross-site scripting (XSS) and request forgeries (CSRF) to misapplication of authentication and encryption technologies, organizations need to vigilantly watch web-facing applications through continuous monitoring, frequent vulnerability scanning (using different, third-party vendors to ensure the broadest set of testing results), and the use of point products such as NAC, DLP, DAM and file integrity to counter broad-based and advanced persistent threats.  Of course, a unified tool such as SecureVue can provide the platform for these point tools to more easily identify APTs and other Web 2.0 threats.
  • Social Media Threats.  Over-sharing of company information, mixing personal and professional information, engaging in troll bait or other social media “rage”, password sloth, and “trigger finger” are just some of the major threats to information security that exist within the world of social media.  Because there are business risks in not utilizing social media (lost market opportunities, loss of a customer communication channel), it’s important that organizations use social media tools, but do so in a safe manner.  Implementing a strong SM use policy, creating a governance process around SM, and enforcing content guidelines are critical to mitigating these potential threats.
  • Mobile Device Threats.  Malware authors are increasingly targeting mobile devices, and specifically advanced smartphones running Apple, Microsoft, Google and Symbian mobile operating systems.  Just like in the non-mobile world, bank account and payment card data continue to be the prime target, and “features” that are being newly discovered by customers (such as Apple and Android devices potentially tracking users’ movements via GPS) continue to expose new potential attack vectors for the bad guys.  Just as with desktop and laptop systems, a solid mobile device policy is critical to minimizing threats.  That policy should include, at a minimum, the ability to disconnect devices from the network, and the ability to wipe devices upon termination or loss of the mobile device.  In addition, technologies that support “push”-based endpoint management should be considered, either vendor-specific (e.g., BlackBerry Enterprise Server, iPhone Configuration Utility) or cross-platform technologies from vendors such as McAfee.

We’d like to thank John Walsh for his fantastic presentation, and all those who attended yesterday’s event!

Interested in attending a future eIQnetworks lunch-and-learn?  Check out the Events section of the eIQ website!
