
Archive for November, 2007

First companies certified to BS 25999

Wednesday, November 28th, 2007

SunGard Availability Services and TDG plc break new ground.
http://www.continuitycentral.com/news03615.htm

Two UK companies are the first in the world to have achieved certification to BS 25999, the business continuity management British Standard. On the day that BS 25999 part two was published (20 Nov), certificates confirming compliance were awarded by BSI Management Systems to TDG plc and SunGard Availability Services (UK) Limited at a presentation in London.

BSI Management Systems managing director, Flemming Norklit said: "The significance of today’s presentation is huge for organisations throughout the world who hope to minimise the risk to their businesses presented by the threat of disruption.

"TDG and SunGard are at the head of a long and growing line of leading-edge companies wishing to prove that they are doing what is required to protect their businesses. At our launch events last month in London, New York and Tokyo we had record numbers of attendees and the level of demand for certification to BS 25999 is like nothing previously experienced in the world of standards, not only in the UK but all over the world."

Mr Norklit added: "The moment BS 25999 part two was formally published we reviewed the document and confirmed that TDG’s and SunGard’s management systems fully complied. Not only can they and their stakeholders be assured that they have a robust business continuity management system, but they have helped us to develop an assessment and certification scheme that from today we will be offering to clients around the world."

Simon Beesley of TDG, a UK-owned European supply chain specialist, believes that achieving the certification will give his company a competitive edge. He added: "Our major clients such as supermarket retailers have long insisted that we prove we have solid plans in place to provide business continuity and thus assurance of supply. Now that we have BSI’s certificate, proving that fact is significantly easier. We will now be insisting on it from our suppliers and expect it to be widely adopted throughout our industry."

In accepting his award for certification against the Standard, Keith Tilley, managing director UK and senior vice president for Europe at SunGard Availability Services, commented: "Given our four decades’ heritage in business continuity management, we recognise how BS 25999 can not only help organisations become more resilient, but more agile and competitive as well. Certification against the standard not only demonstrates our commitment to best practice to customers, it also provides us with valuable insight into the issues and challenges that certification may present."

Robin Rumbles, customer experience director, SunGard Availability Services (UK) Limited receives BS 25999 certificate from Flemming Norklit, British Standards Institution.

Compliance News

Wednesday, November 28th, 2007

Massive UK tax office data breach exposes 25MM names

Two lost CDs cause the largest UK data breach ever and compromise the personal details of every child in the country as well as the bank accounts of their parents or guardians - http://www.itcinstitute.com/info.aspx?id=45099

NIST updates security guidelines for control systems  

Out-of-cycle update lists available technology - http://www.itcinstitute.com/info.aspx?id=45100

Fraud artists and hackers gear up for the holidays  

E-commerce fraud losses are expected to be up 20 percent this year - http://www.itcinstitute.com/info.aspx?id=45101

SOX compliance gains traction  

Disclosures and material weaknesses are down, and fewer late filings are blamed on SOX compliance difficulties - http://www.itcinstitute.com/info.aspx?id=45102

Chinese hackers pose major economic threat, report complains  

Technological espionage is cheaper than technological development - http://www.itcinstitute.com/info.aspx?id=45103

2008 cyber threats

Friday, November 23rd, 2007

What changes can we expect to see in terms of information security threats during 2008?
http://www.continuitycentral.com/news03614.htm

McAfee, Inc. has released its top ten predictions for security threats in 2008. Researchers at McAfee Avert Labs expect an increase in Web dangers and threats targeting Microsoft’s Windows Vista operating system, among other new or increased threats. At the same time ad-serving software known as adware is expected to continue to decrease.

“Threats are moving to the Web and newer technologies such as VoIP and instant messaging,” said Jeff Green, senior vice president of McAfee Avert Labs and product development. “Professional and organised criminals continue to drive a lot of the malicious activity. As they become increasingly sophisticated, it is more important than ever to be aware and secure when traversing the Web.”

McAfee Avert Labs’ top 10 security threats for 2008:

Bull’s Eye on Web 2.0
Compromises and malware at Salesforce.com, Monster.com and MySpace, among others, represent a new trend in attacking online applications and social networking sites. Attackers are using Web 2.0 sites as a way to distribute malware and are data mining the Web, looking for information that people share to give their attacks more authenticity. McAfee Avert Labs expects a large increase in this activity in 2008.

Botnets follow the Storm
With a handful of high-profile prosecutions of bot herders in 2007, criminals will be seeking better ways to cover their tracks. The Storm Worm set a worrying precedent. Also known as Nuwar, the Storm Worm has been the most versatile malware on record. The creators released thousands of variants and changed coding techniques, infection methods and social engineering schemes far more than any other threat in history. Storm created the largest peer-to-peer botnet ever. McAfee Avert Labs expects others will ride the coattails of that questionable success, pushing up the number of PCs turned into bots. Bots are computer programs that give cyber crooks full control over PCs. Bot programs typically get installed surreptitiously on the PCs of unknowing computer users.

IM = Instant Malware
The scenario of a ‘flash’ worm via instant messaging applications has been foreshadowed for years. This threat could span millions of users around the globe in a matter of seconds. There has been malware that spreads via IM, but we have yet to see such a self-executing threat. However, this may be closer than ever as the number of vulnerabilities in popular instant messaging applications more than doubled in 2007 compared to 2006. More importantly, there were 10 high-severity risks in 2007, compared to none in 2006. Additionally, the top IM virus families of 2005 and 2006 were replaced with new active threats, signifying an ‘out with the old and in with the new’ milestone. Skype saw its first batch of worms in 2007. Many more are expected to follow.

Target: online gaming
The threat to virtual economies is outpacing the growth of the threat to the real economy. As virtual objects continue to gain real value, more attackers will look to capitalise on this. The evidence is already there. The number of password-stealing Trojans that targeted online games in 2007 grew faster than the number of Trojans that target banks.

Vista joins the party
In 2008, Windows Vista is set to gain additional market share and cross the 10 percent barrier. The release of Service Pack 1 for Vista is also likely to accelerate the adoption of the Microsoft operating system. As Vista becomes more prevalent, attackers and malware authors will start in earnest to explore ways to circumvent the operating system’s defences. There have been 19 Vista vulnerabilities reported since its release earlier this year. We can expect a lot more Vista vulnerabilities to be reported in 2008.

Adware continues its decline
The US government crackdown against purveyors of ad-serving software has had a positive effect. The combination of lawsuits, better defences, and the negative connotation associated with this form of advertising helped start the decline of adware in 2006. This trend was confirmed in 2007, and with the major players out of the game, adware is expected to continue its decline in 2008.

Phishers catch a wider net
Cybercrooks will increasingly target smaller, less popular sites with data-thieving phishing scams. It has become tougher and riskier to target top-tier sites as the big-name brands are responding more quickly and providing increased security. Knowing that a large percentage of people reuse their usernames and passwords, less popular sites are likely to be targeted more frequently than before, giving criminals the same access.

Parasitic crimeware takes root
Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. While crimeware was storming ahead in recent years, parasitic malware faded to the background. In 2007 several crimeware authors turned old school to deliver threats like Grum, Virut, and Almanahe: parasitic viruses with a monetary mission. The number of variants of an older parasitic threat, Philis, grew by more than 400 percent, while over 400 variants of a newcomer, Fujacks, were catalogued. We expect a continued interest in parasitics from the crimeware community, with overall parasitic malware expected to grow by 20 percent in 2008.

Virtualization transforms information security
Security vendors will embrace virtualization to create new, more resilient defences. Today’s complex threats will be easily defeated, but researchers, professional hackers, and malware authors will begin looking at ways to circumvent the new defensive technology, continuing the classic game of cat and mouse.

VoIP attacks to rise 50 percent
Already this year, more than double the number of security vulnerabilities have been reported in Voice over IP (Internet Protocol) applications, compared to all of 2006. We have also seen several high-profile ‘Vishing’ attacks and a ‘phreaking’ conviction. It is clear that VoIP threats have arrived and there’s no sign of a slow-down. The technology is still new and defence strategies are lagging. McAfee Avert Labs expects a 50 percent increase in VoIP-related threats in 2008.

http://www.avertlabs.com/research/blog/


Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002

Public Companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?

