No CSO? Hire one now, advises security expert

Data rich corporations with weak IT security departments are just asking for trouble says M86

Hamish Barwick (CSO Online (Australia))
22 June, 2011 12:12
Comments

M86 Security vice-president, Jeremy Hulse

Enterprises without a chief security officer or a beefed up security department will be left wide open as hackers use new exploits to strike, warns a security industry expert.

M86 Security vice-president, Jeremy Hulse, told CSO Australia that the reason gaming companies, such as Sega, from which hackers stole personal data of 1.29 million customers over the weekend, had been hit was because of new exploits and malware on legitimate websites that security staff may not be aware of.

"Upwards of 80 to 90 per cent of good websites can host malware and that can be from a period of 20 minutes to 24 hours, but they [hackers] generally don't leave it up for a long period of time," Hulse said.

"All it takes is for someone from Sega or another company to access the website and download the exploit to their internal network."

"For Sony not to have a chief security officer [before the attacks occurred] is quite a startling revelation," Hulse said. He added that M86 had recently come across a large amount of malware that was not caught by signature databases. "From our own studies with customers, the traditional signature based security is not working and they have some exploit that may not have been discovered [by security staff] yet."

Read more about security in CIO’s 2011 Global State of Information Security Survey.

This meant the chief security officer had to be prepared to deal with unknown threats and invest in new security technologies. "People think they're safe but the hackers are saying, 'No, you're not safe' and they are proving it," said Hulse. "Every time someone in security closes a door the hackers are going to be looking for another."

He added that Cloud service providers also needed to "step up" and inform customers what security measures they could offer before data was hosted in a public or private Cloud.

"The message to Cloud providers is that there needs to be an extra level of diligence. You can't apply traditional security to Cloud services, it's a different game." He advised enterprises considering hosting data in the Cloud to quiz their provider about data encryption and find out if the data would be hosted onshore or offshore.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Bookmark this page

Share this article

facebook

slashdot

digg

Reddit

stumbleupon

linkedin

twitter

Got more on this story? Email CIO

Follow CIO on twitter

More about: etwork, M86, Sega, Sony

References show all

Reports: Sega customer database hacked

Information security in 2011

Twitter: @HamishBarwick

Comments

Post new comment

Name

Email address
The content of this field is kept private and will not be shown publicly.

URL

Comment

If you enter anything in this field your comment will be treated as spam

Users posting comments agree to the CIO comments policy.

Login or register to link comments to your user profile, or you may also post a comment without being logged in.

Share

Share this article

google+

facebook facebook

slashdot slashdot

digg digg

Reddit Reddit

stumbleupon stumbleupon

linkedin linkedin

twitter twitter

print

email

Bookmark

Related Coverage

Mayor of New Jersey town arrested on hacking and conspiracy charges

Untethered jailbreak for iOS 5.1.1 available for download

Unthethered jailbreak for iOS 5.1.1 available for download

Security researcher urges IT managers to keep up with SAP patches

Lawmakers call on DOJ to reopen investigation into Google Wi-Fi spying

Related Whitepapers

TestPro achieves visibility over software defect management - Reducing project risk and improving quality

Rapid achievement of employee productivity gains in a modern workforce

Why performance management? A guide for the midsize organisation

Pathways Advanced ICT Leadership Development Program Brochure and Course Outline 2012

Sample: Individual Stand Alone Core Competency Report

Latest Stories

Data security on PCI Security Standards Council’s APAC agenda

Gear and gadgets at CeBIT 2012, Sydney

NBN Co focuses on continuous delivery to meet its deadlines

AARNet extends international academic network links

Foxtel finalises Austar takeover

Community Comments

"I was able to find good information from your content."

Google Jumps Into Social Bookmarks Game

"Wow! Great progress! Go NBNCo! Ummm... How many of those 7300 satellite ..."

NBN build gaining momentum daily: Quigley

"Very first time commenter on Face Time - Interview with John Brennan ..."

Face Time - Interview with John Brennan and Robert DiStefano

"When someone writes an piece of writing he/she keeps the idea of ..."

Monday Grok: Will Siri crack the walls of GOOG?

"Truly no matter if someone doesn't be aware of after that its ..."

Face Time - Interview with John Brennan and Robert DiStefano

Tags: CSO, security, staffing

Latest Blog Posts

Rory Gregg

Building trusted relationships

Rob Livingstone

Planning your IT career

Rory Gregg

Taking the risk out of diversity

Whitepapers

Essar Group - Essar Group executives enjoy printing on the move
Essar Group’s senior management are constantly on the road. So it’s not surprising that the company has become a heavy user of mobile computing solutions to enable them to get their job done. The mobility and productivity of executives; enable them to easily print documents from any company location to any company printer using their smartphone. Read more.

Learn more »

Lost USB keys have 66% chance of malware
Sophos studied 50 USB keys bought at RailCorp's 2011 Lost Property auction in Sydney. The study revealed that two-thirds were infected by malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues. Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers.

Learn more »

HP ePrint Enterprise mobile printing solution
The merger of mobile devices and cloud services has become one of the most significant enablers of business productivity and innovation in the past decade. We now hold the power of communicating and computing in the palms of our hands, nearly anywhere business or life takes us. However, one key business process has eluded the mobility movement: printing. Even the most technically enabled business travelers find themselves hunting down print services while on the road and interrupting IT managers when visiting a branch office simply to print a document. But finally, a truly mobile print experience is available—helping enterprises to drive business productivity further. Read more.

Learn more »

All whitepapers

Books

More Books

Oracle Xsql

Bsd Unix Toolbox

Internet-based Workflow Management

Flash and PHP Bible

Ingn for Dummies

50 Fast Photoshop CS Techniques (Includes CD-ROM)

PC Magazine Guide to Windows Xp, Media Center Edition, 2005

Mac OS X for Dummies, 2nd Edition

CSS Instant Results

Most Read

Most Commented

1
5 open source help desk apps to watch
2
How to create a clear project plan
3
5 open source billing systems to watch
4
NBN Co focuses on continuous delivery to meet its deadlines
5
CIO challenge with BYOD: Don't fall down the rabbit hole

21
Face Time - Interview with John Brennan and Robert DiStefano
40
All Systems Down
2
IT service management going social
15
10 Tips for Dealing with a Bully Boss
3
The social business network

Get exclusive access to Invitation only events CIO, reports & analysis.
Sign up now »

Latest Jobs

FTiPhone App DeveloperNSW

FTTechnical Services Engineer - ShoreTel/MitelVIC

CCSystem Engineer - Exchange - CONTRACTSWA

CCSystem Engineer - Lync and Exchange - CONTRACTSWA

FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW

FTProduct Manager Strategist - Enterprise ApplicationsNSW

FTSenior Citrix EngineerNSW

FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW

FTiPhone App DeveloperNSW

FTSenior Citrix EngineerNSW

CCAvaya Engineer - ERS 8600 4.1NSW

FTChange Management ProfessionalsNSW

FTiPhone App DeveloperNSW

FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW

FTiPhone Developer DeveloperNSW

FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW

Zones

HP Business Efficiency - Money Payback Guarantee Resource Centre
Visit zone »

The Australian Cloud
Visit zone »

Featured Whitepapers

IDC MarketScape: Worldwide Business Process Platforms 2011 Vendor Analysis

Enterprises adopting business process management (BPM) software have wide-ranging needs, from highly dynamic task management to complex, high-volume processing with a focus on straight-through automation and the ability to rapidly ...

Eight things senior managers need to know about data encryption

Security Threat Report 2012

How progressive companies are using social technologies

Most Popular Whitepapers

1

The Pathways ICT Leadership Development Program Brochure and Curriculum 2012

Developed by the CIO executive Council, Pathways is a unique, flexible, self-managed, self-paced 12-month CIO designed and delivered ...

Recent comments

"I was able to find good information from your content."
Google Jumps Into Social Bookmarks Game

"Wow! Great progress! Go NBNCo! Ummm... How many of those 7300 satellite ..."
NBN build gaining momentum daily: Quigley

"Very first time commenter on Face Time - Interview with John Brennan ..."
Face Time - Interview with John Brennan and Robert DiStefano

"When someone writes an piece of writing he/she keeps the idea of ..."
Monday Grok: Will Siri crack the walls of GOOG?

"Truly no matter if someone doesn't be aware of after that its ..."
Face Time - Interview with John Brennan and Robert DiStefano

Follow CIO

LinkedIn

Twitter

YouTube

Facebook

Newsletter

Market Place

Cyber Security Summit 2012 | 1-3 August | Save $150 using promo code CSO | Check out agenda today

Gartner Security & Risk Management Summit, 16-17 July 2012, Sydney

Latest Jobs

IT Account Manager - System Integrator - Career Progression - Start Immediately

Product Manager Strategist - Enterprise Applications

iPhone App Developer

iPhone App Developer

Senior Network Field Engineer - Cisco R&S / Wireless Solutions

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

All

LinuxWorld

Computerworld

CIO

CSO Online

ARN

PODCAST

Download OPML file for import with all IDG RSS feeds

LinuxWorld News

LinuxWorld Technology List

Software Development by Computerworld

Business by Computerworld

Computerworld Business In-Depth

Security Alerts by Computerworld

Security Weekly by Computerworld

Linux & Open Source by Computerworld

Mobility & Wireless by Computerworld

Networking by Computerworld

Storage Solutions by Computerworld

Telecoms by Computerworld

.NET Centre

Careers by Computerworld

Computerworld Today

CIO Executive Briefing

CIO Government

CSO Online Data Security Briefing

ARN Daily

ARN PC and Components

Networking

ARN Security

Storage

ARN Mobility and Wireless

CIO Live (MP3) RSS Feed

CIO Live (WMA) RSS Feed

Computerworld Live (MP3) RSS Feed

Computerworld Live (WMA) RSS Feed

CSO

Mayor of New Jersey town arrested on hacking and conspiracy charges

Untethered jailbreak for iOS 5.1.1 available for download

Unthethered jailbreak for iOS 5.1.1 available for download

Chinese cyber-espionage threatens U.S. economy, DoD says

Government alarm over cyberattacks validated by terrorists

Computerworld

Data security on PCI Security Standards Council’s APAC agenda

CSIRO develops hands-free technology for mining repairs

AARNet extends international academic network links

Telstra IaaS platform gets ISO certification

Coalition NBN better or worse?

ARN

Recruiters predict revenue increases and aggressive growth for firms: study

IN PICTURES: ARN Rush to Mobility roundtable

APP OF THE DAY: Bump

Kerio encourages Alternative IT for partners, reveals channel initiative

Ovum: HP restructure necessary, but where is Whitman leading the company?

Techworld

FCC ruling on 800MHz band a boon for Sprint

Oracle NetBeans 7.2 supports the latest PHP, C++

Quickbooks Online outage leaves some customers in sour mood

Mayor of New Jersey town arrested on hacking and conspiracy charges

A comparison of Telstra's 4G phones

CFO

iPad saves Greece $140B

Facebook, Zuckerberg, Morgan Stanley hit with lawsuit

OECD warns eurozone crisis stunting growth

Asciano's CFO to be Pac National director

Vodafone customer numbers down