Social engineering, big data top security priorities for 2013: Gartner
- 09 November, 2012 12:01
Gartner Australia research director Rob McMillan.
The technique of using deception and manipulation to gain sufficient knowledge to dupe an unwary individual, employee or company into revealing personal information has the potential to be one of the biggest security threats in 2013 according to a security expert.
Gartner Australia research director, Rob McMillan, who is due to speak at the analyst firm’s annual Symposium on the Gold Coast next week, told Computerworld Australia that social engineering has emerged over the last four years as a growing threat, especially for non-IT professionals who do not understand the techniques used by scammers.
For example, the long running Windows Event Viewer scam involves telemarketers calling people, telling them they have a virus and requesting the recipient's authority to run a Windows program called Event Viewer in order to fix ‘so-called’ bugs in the operating system. Other callers claim they can remove the virus for a fee and ask for people's credit card details.
According to research from Sophos, scammers have called people posing as a member of their company’s IT department and named the person’s boss in order to gain their trust.
“If you want to break into an organisation you would research that organisation and identify a few individuals that you want to target, than research them,” McMillan said. “The reason why this is important is the need for stronger education and depth of understanding for non-security professionals who have access to important resources.”
Turning to the subject of how businesses protect customer data with the need to increase revenue, he said that big data should be factored into security measures.
“The thing about big data is that it is harder to get the value out of your information and to protect everything when this mass of information becomes large in volume and deep in complexity,” he said.
“It’s like your bedroom or garage — if you walk in the place and there is stuff strewn everywhere it does get more difficult to find things eventually.”
According to McMillian, IT executives need to understand where the data resides, what the data means and organising it correctly so they can extract value out of the data.
“More importantly from a security perspective you need to know how to protect it,” he said.
“If you think about payment card industry [PCI] compliance, you’ve got obligations to protect any of the data that falls under that regime,” he said.
He added that PCI compliance will be much easier if the organisation can confine all of the credit card information in a restricted area such as a couple of secure databases.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
New Demands for Real-time Threat Management
Many organisations are evaluating a new security model based upon IT risk management best practices. This is a good idea, but not enough for today’s dynamic and malevolent threat landscape. To keep up with IT changes and external threats, large organisations need to embrace two new security practices: real-time risk management for day-to-day security adjustments and real-time threat management to detect and remediate sophisticated, stealthy, and damaging security breaches (i.e., advanced persistent threats, or APTs). Learn more.
Building a Better Mousetrap in Anti-Malware
This story is becoming frustratingly old. Cyber threats are continuously advancing in their adaptability speed, sophistication, and degree of stealthiness. At the same time, the exposed footprint is expanding. More business operations are moving online and end-user devices—corporate-issued and user-owned—are expanding in number and variety. A reasonable question asked by executives responsible for making decisions on their organisations’ security budgets is whether their money and resources are being spent wisely. Are their businesses buying and using the best mix of security technologies to meet their needs and obligations? Read on.
Six Reasons to Empower Your SharePoint Citizen Developers
More and more business applications are being created by “citizen developers” - end users who are not IT developers but who create solutions for themselves and their groups. This white paper explores six reasons to embrace citizen development in an intelligent way that minimises risks and maximises the return on your SharePoint investment. Read now.