As PCI becomes more accepted as a security framework, we can expect to see more states adopt laws similiar to Minnesota.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9020923&
source=rss_topic17
[Editor's Note (Valle) Much of the PCI standard is just good network security practice that companies should have been implementing long ago.]
This New York Times articles describes the April – May DDOS attacks that took down a good part of Estonia’s digital infrastructure.
This is the first time in history that DDOS attacks have been considered a “national security situation”.
http://www.nytimes.com/2007/05/29/technology
/29estonia.html?_r=2&oref=slogin&oref=slogin
[Editor's note (Valle): Estonia probably could have mitigated a lot of the damage is they had had anti-DDOS protection either in the "cloud" at their ISPs or if they had appliances like the Cisco Traffic Anomaly Detector and Cisco Guard DDOS Mitigation Appliance.]
A security researcher decided to test how gullible web surfers really were and created a Google advertisement that prodded people to click on it and get infected. Guess how many people clicked?
http://www.computerworld.com/action/article.do
?command=viewArticleBasic&articleId=9019922
&source=rss_topic85
[Editors Note (Valle) It just goes to show you that now matter what sort of security defenses you put up in your company the weak link will always be the people. A good Cisco (IronPort) product to position for this would be the IronPort C series appliance which can filter HTTP traffic coming over Port 80]
Google has found that almost 1 in 10 websites has some sort of malicious code..
http://www2.csoonline.com/blog_view.html?CID=32927
[Editor's Note (Valle) Google has confirmed what many security companies having been saying for a while: Many websites are now compromised and making bot nets out of their victims. This study also validated new malware trends:
1) Hackers are using scripting languages to determine how a computer is vulnerable and then requesting an appropriate exploit from a centeral server.
2) Hackers are changing binaries to get by AV programs.
As per the previous post, the IronPort C series appliance would help enterprises stop trojans and malware from being downloaded and as another layer of defense CSA could be recommended as well
Panda labs is the latest security lab that has acknowledged that they are overwhelmed with the increase of malware
http://www.net-security.org/secworld.php?id=5110
[Editor's note (Valle) Article reinforces the idea that traditional signature-based defenses are now almost useless against zero-day threats. It also touches on the trend of malware becoming stealthier which gives people a false sense of security that their computers are not infected when they really are.
Nearly half of professionals from across a wide range of industries admit they have taken data with them — everything from documents and lists to sales proposals and contracts — when they’ve changed jobs.
http://www.informationweek.com/news/showArticle.jhtml
;jsessionid=XUXSHKNUY13P2QSNDLPCKH0CJUNN2JVN?articleID=199500629
[Editor's Note (Valle) With CSA IT managers can create policies for certain files on a computer so an employee will not be able to copy, paste, transfer, or print the information]
This article talks about a study that shows that thumb drives have become a top concern amongst IT managers.
http://www.informationweek.com/news/showArticle.jhtml?articleID=199300021
[Editor's note (Valle) With CSA a can create an acceptable use policy for thumb drives and enforce compliance]
