Communications Designline Blog
Comment
Steve_B
It's really pretty simple. If you put data unencrypted in the cloud, it can be ...
Androidforums.com, Yahoo Voice, Indian Navy and Formspring are latest victims
Carolyn Mathas
7/12/2012 12:29 PM EDT
Is your work and communications safe? According to GFI Software, their research indicates that half small business IT folks wouldn’t bet their hard-earned cash that their business computers are free of malware (51%) or that they are at peak efficiency and won’t fail (59%). Highlights of the survey include:
- 27% say they aren’t running the same antivirus s/w on all company PCs
- A third don’t have a centrally managed antivirus solution
- Almost half (48%) say they can’t tell which PCs are about to fail
- 78% would be interested in Web-based antivirus protection management
- 28% say none of their IT apps are delivered via the cloud.
Their concerns about cloud apps include complexity, lack of skills to implement, third-party control over company solutions, expense, and cloud security.
While I realize that this survey involves the IT realm, I can’t help but wonder where the engineering design community would fall given security considerations. How confident are you that your designs, communications, and anything else regarding your work are truly protected?
Just within the past few days, for example, Androidforums.com has been hacked and user credentials stolen, Yahoo confirmed that a breach of its Yahoo Voice system exposed 400,000 user IDs, Chinese hackers breach Indian Navy computers, and Formspring was victimized as hackers made off with hashed passwords for 420,000 of its users.
30 years ago, dumpster diving in Silicon Valley didn’t just yield dinner. Instead, some companies kept tabs on their competitors’ new products, while gung-ho reporters scooped product launches (Imagine!).
There is a viciousness, however, to what is going on today compared with looking for a dumpster-diving competitive edge of the past. What is gained besides bragging rights, or the twisted ego-boost that must come from password and data theft today?
Can we really ever achieve the cybersecurity necessary to keep the bums out? And, will movement to the cloud enhance our protection or vulnerability?
|
|
|
|
|
Steve_B
7/13/2012 9:24 AM EDT
It's really pretty simple. If you put data unencrypted in the cloud, it can be (usefully) stolen. If you run applications on your computers that you didn't write, they may have Trojan horses in them. If you run any standard OS or software on a network, you are subject to 0-day defects that could steal anything on that computer or plant software that watches future activities.
Plan accordingly. In practice, this means strategically-placed air gaps and encryption, as well as turning off automatic software execution when USB drives or CD/DVD's are plugged in, running updated software and virus checkers (but don't trust either to find everything), and most importantly, employee training. If you aren't doing any of those, start with employee training. Employees with security training will help you find your weaknesses -- without training, they only create additional weaknesses.
Sign in to Reply