Online & Offline Security News, Reviews & Product Information For Industry Experts...

UK Companies Spend 18 Days A Month Maintaining On-Premise Security Solutions

On April 26, 2011   /   Computer Security, Money and Business   /   Leave a comment

UK organisations spend an average of 143 hours or 18 working days per month just managing on-site security solutions and related problems, according to new research from Webroot, the first Internet security service company. The most time consuming activity was identified as managing software and/or hardware updates, an indicator of why companies are increasingly considering cloud security products to reduce IT workloads and costs.

Webroot surveyed 271 IT decision-makers with 100 to 5,000 employees in the United Kingdom. The research found that companies with more mobile or remote workers were at greater risk from security threats; UK companies with 25 per cent or more of their employees enabled with remote access are twice as likely to have had a network infection through a USB device or a website compromise. This can also be considered a major contributor to re-imaging infected machines being identified as the second most time consuming activity for IT departments.

“The burden of managing on-premise security solutions is clearly taking a toll on IT departments,” said Gerhard Eschelbeck, chief technology officer, Webroot. “On-premise solutions, whether they’re appliances or software, simply cannot keep up with today’s threat landscape, which is complicated by the need to protect a highly mobile workforce. Almost three quarters of the UK companies we surveyed have at least a quarter of their employees remotely accessing corporate servers, and this exposes them to a greater number of security threats of all varieties. This, coupled with the sheer volume of IT hours spent managing on-premise security solutions means many organisations need security solutions that are more effective and easier to manage and update. For example, those using cloud-based security are 30 per cent less likely to experience phishing attacks than those using on-premise security solutions, 25 per cent less likely to experience viruses or worms, and 20 per cent less likely to experience spyware. ”

According to the study, the time and cost associated with managing on-site security solutions is substantial for UK companies:

Managing software and hardware updates alone plunders 21 hours per month

Only six per cent of respondents said that managing software and hardware updates has no impact on their IT resources

Re-imaging infected machines is the second biggest drain on IT resources with this taking up 20 hours per month on average

Managing definition file updates is the next most time-consuming activity with an average of 19 hours dedicated to this per month

Companies with a quarter or more of their employees enabled with remote access face the greatest threats:

Network infections through USB devices doubles (from 20 per cent to 41 per cent) as does website compromises (13 per cent to 25 per cent)

Exposure to viruses or worms increases by 23 per cent and hacking attacks by 51 per cent

Viruses or worms were the most prevalent IT security threats to UK businesses last year, with more than 60 per cent experiencing these.

Spyware was the second most experienced threat by 54 per cent of businesses

Additional Findings:

A good proportion of UK companies are aware of the added threats posed by mobile working:

36 per cent of respondents rank securing laptop and mobile users as one of their top security challenge in 2011

The next highest ranked security challenges for UK companies in 2011 are preventing data breaches (30 per cent) and protecting against web-based malware (24 per cent)

Cloud security is an increasingly growing market in the face of these on-premise security challenges:

A number of UK companies are planning to implement cloud-based Web security solutions (44 per cent), cloud-based email security solutions (43 per cent) and endpoint/cloud solutions (38 per cent) in either 2011 or 2012

The three main motivations for implementing cloud-based Web security solutions are identified as improved effectiveness against threats (29 per cent), reduced burden on IT staff (29 per cent) and simplified management of security (44 per cent)

Read more
Back to Top

UK businesses fear security risks surrounding cloud computing

On April 24, 2011   /   Computer Security, Security News   /   Leave a comment

Over three fifths (62 per cent) of IT managers state concerns about security as an obstacle to cloud adoption, according to online research released today by Kaspersky Lab, Europe’s largest anti-malware company. The research, undertaken by YouGov on behalf of Kaspersky Lab, found that among the IT managers and directors surveyed, less than half of the businesses (41 per cent) are planning to move or have moved their IT operations to the cloud.

In addition to security fears, data protection (60 per cent) and a perceived lack of regulation (26 per cent) were stated as an obstacle to cloud adoption. As a result, almost one in five (18 per cent) IT managers said their businesses had considered but rejected the idea of moving any aspect of their IT to the cloud, and almost a quarter (24 per cent) had not even considered the cloud as an option.

With 79 per cent of respondents representing firms with 1,000 or more employees, this means that companies could be missing out on significant cost and efficiency benefits.

“Cloud technology has huge potential for streamlining IT operations, particularly in larger organisations with more sophisticated IT requirements,” said Andrew Lintell, corporate sales director for UK and Ireland, Kaspersky Lab. “Cloud-based solutions can make IT systems leaner as well as more agile and cost effective – freeing up valuable IT expertise and resources.

Predictions by IDC[1] back up this claim as they state that IT departments, including CSO and compliance experts, should anticipate the fact that they will no longer be asked to deliver IT-security-compliance, and instead just be the referee and guidance provider for secure compliant use of outsourced IT.

Lintell continued: “Our research has found that there is still considerable confusion about the cloud. Companies may be concerned about where data is stored and how they can keep it secure, but they should also view the positive gains. Solutions such as ours help make the management of security for cloud-based services simpler and easier, meaning that our customers can maximise the benefits of the cloud while minimising the risks.”

Read more
Back to Top

New hi-tech security hub to protect UK businesses opens

On April 17, 2011   /   International Security, Money and Business   /   Leave a comment

The UK’s newest hi-tech security hub, designed to protect some of the world’s largest companies, has opened in Craigavon, Northern Ireland.

MiTec is one of the most advanced security hubs in the UK and will help businesses protect their personnel and premises through a suite of services.

These include 24 hour remote monitoring of sites and buildings, lone worker protection and real time vehicle tracking, all with close co-operation with the police and other emergency services.

The centre, which has created 38 new jobs in Northern Ireland, has been built by MITIE, a FTSE 250 strategic outsourcing and energy services company, which has itself invested more than £2m in its development.

It was officially opened today by Ruby McGregor-Smith, chief executive officer of MITIE, and Alastair Hamilton, chief executive of InvestNI, Northern Ireland’s economic development agency.

Over 60 people from the security industry and MITIE’s clients attended the official unveiling including representatives of Capgemini, Capita and Eurostar.

As well as monitoring facilities, MiTec provides real time response to incidents via “call outs” to local police forces and MITIE’s mobile security personnel. The seamless integration of these services makes it unique amongst security providers in the UK.

It is also the first time that this range of services has been brought together under one roof and MiTec has been ‘future-proofed’ to ensure it can upgrade as technology advances and clients’ needs change.

The centre has been designed to stringent BS 5979 Category II standards and is protected by high tensile steel walls and vibration detectors throughout.

MITIE has revenues of £1.7bn and over 60,000 employees in the UK and Europe. It is a leading security provider in the UK, employing 12,000 officers and delivering 4,000 security contracts across 10,000 sites.

Ruby McGregor- Smith, chief executive of MITIE said: “MiTec is an advanced security centre operating to world-class standards and allows us to protect our clients’ properties, information and personnel in the most cost effective way.

“We decided to open MiTec in Northern Ireland because there is a talented and motivated workforce and I am very excited to be here today.”

Bob Forsyth, managing director of MITIE Total Security Management said: “MITIE is investing heavily in its total security management business to give corporate clients greater protection at a more cost effective price.

“We are achieving this by bringing together monitoring, response, vehicle tracking, employee vetting and other areas to provide a totally integrated offering.

“Most importantly, MiTec is a completely future proofed building meaning it can adapt to the fast pace of technological change which is revolutionising security provision.”

Read more
Back to Top

Mobile Security: The Great Misconception

On April 14, 2011   /   Mobile Security   /   Leave a comment

Research from Kaspersky Lab shows that many users feel more secure using smartphones to surf the Internet than PCs, and that a majority consider the risk of losing personal data higher on computers than on smartphones.

The latest results have been released from a survey conducted for Kaspersky Lab by the Association of Independent Research Centres. 1,600 smartphone users were surveyed in Great Britain, France, Italy and Spain. The survey examines the extent to which European smartphone users are aware of the current mobile malware threats and whether or not they consider smartphone protection a necessity.

The new findings highlight a dangerous misconception with regards to smartphone protection and demonstrate security software is less common on mobile devices than it is on PCs. Please see more details outlining the new survey findings below:

Should you be interested in speaking to a Kaspersky Lab security expert for further details about the survey findings, please contact me on either johnpaul.charles@berkeleypr.co.uk or 0118 988 2992.

There has been a recent increase in the number of attacks on mobile operating systems like Android and iOS, and experts expect to see considerably more of these in the future. Despite this, users in Europe, according to the Kaspersky Lab survey, feel more secure accessing the Internet via a mobile device. 51 percent of those surveyed are afraid of having their computer infected with malware while surfing the Internet, compared with the fact that 27% of respondents consider a virus infection on their computer a serious threat.

One interesting detail which emerged from the survey is that users consider the risk of losing personal data lower on a smartphone than on a PC – despite the fact that around a fifth of all smartphone users have already experienced the loss or theft of a mobile device.

The majority of users – over 90 percent in most European countries – store personal data, such as photos, emails or contact details, on their smartphones. Around one-third also save login information, such as PIN codes or passwords, for various services on their mobile devices, demonstrating a large gap between secure reality and user perception

Read more
Back to Top

Six tips for protecting critical data against Advanced Evasion Techniques

On April 11, 2011   /   Computer Security, Crime   /   Leave a comment

Stonesoft, an innovative provider of integrated network security and business continuity solutions, discovered Advanced Evasion Techniques (AETs) last year. Since then, it has been verified that the threat posed by AETs to organisation’s critical data capital and systems is constantly evolving and dynamic. Here Stonesoft shares six tips for organisations to protect their critical data assets and systems against Advanced Evasion Techniques.

Evasions are a way to bypass network intrusion prevention systems (IPS) or any security device that is supposed to do network traffic inspection. As such, evasion techniques have been known for a long time. However, when Stonesoft discovered the AETs – a new threat category that existing network security systems are not able to detect – the information and the first 23 samples were quickly delivered to the Computer Emergency Response Team CERT-FI and later announced to the public. Stonesoft has recently shared 124 newly discovered samples with CERT-FI. However, this was just the tip of the iceberg.

“As a rule, all services have their scheduled maintenance windows, and organisations use intrusion prevention systems to protect their critical data assets also between maintenance updates. These network threats and maintenance restrictions apply also to industrial SCADA networks, which were targeted by the Stuxnet worm in 2010. However, advanced evasion techniques are capable of bypassing this protection and delivering attacks without being detected by the security devices like IPS. This means that the vulnerabilities of the systems can be exploited at any time,” Tomi Kononow, StoneGate IPS Product Manager at Stonesoft explains. “To protect their critical data assets against AETs, organisations must be proactive, question their existing security solutions and look for alternative options to fight this new threat posed by Advanced Evasion Techniques. The playfield of network security has changed and the old methods do not apply any more.

Organisations should follow the six tips listed below to increase their level of protection against AETs:

Increase your knowledge: of Advanced Evasion Techniques. They differ from traditional evasions in many ways, and it is important to understand that they are not attacks as such, but delivery methods to carry payloads to the vulnerable target without being detected by firewall and IPS devices. Thus, there is no bullet proof solution against them. You can minimise the risk of getting exploited by using a network security solution that is capable of multi-layer traffic normalisation and an intelligent security platform that is continuously updated against AETs.

Analyse the risks: Audit your critical infrastructure and analyse the most significant assets of your organisation, how and where they are currently stored and whether the information is backed up. Prioritise. Start by making sure your critical assets and public services have the best possible protection against AETs.

Re-evaluate your patch management. When possible, patching the vulnerable systems gives the ultimate protection against the network attacks, regardless whether they have been boosted by the AETs. Evasions can only help the attacker to bypass the intrusion prevention systems (IPS) or next generation firewalls (NGFW), but they do not assist in an attack against a patched system. It is understandable, however, that the patch testing and deployment takes time even under the best circumstances and for this time the recommendations for proper IPS protection, as follows, apply.

Re-evaluate your intrusion prevention solution. Evaluate your existing intrusion prevention solution (IPS) and NGFW with respect to its capability to protect your network against AETs. Be critical, proactive and look for alternative options. Keep in mind that AETs have changed the security landscape permanently. It is a fact that if a security device  is not capable of handling evasions, it is practically useless – no matter how good a block rate it has or many certifications or awards it has won.

Re-evaluate your security management. Centralised management plays a crucial role in protecting against AETs. It allows you to automate AET updates and schedule software upgrades remotely and effortlessly, thus making sure you always have the highest possible protection against AETs.

Test anti-evasion capabilities of your security devices in their own environment by using your own policies and configurations. Many security vendors know how to survive simulated and recorded evasions when these are well predefined and stable in lab environment. However, when facing live and dynamic evasion disguised exploits, these systems go blind and are incapable of protecting your data assets. If you really want to know the level of your current protection against AETs, field testing is required.

Read more
Back to Top
Page 20 of 76« First...10...1819202122...304050...Last »

Extra Security

FREE Security Updates

Enter your email address:

Delivered by FeedBurner

Best Security Sites

Computers Business Directory - BTS Local TopOfBlogs