Bank robbing used to be easy. If you could get past the main vault, you could get instant access to all the cash. Within today’s modern banks, the vault’s exterior provides just one layer of perimeter security. Now banks incorporate an assortment of other layers of security, such as safety deposit boxes, which make accessing everyone’s cash at once incredibly difficult, if not nearly impossible. Continue Reading…
A decade ago, Windows machines were perceived as the target of all malware. Today, malware is a threat to all platforms. Rather than one popular operating system being inherently more secure than another, it seems malware increases in tandem with the OS’s use. The more popular it becomes, the more targeted it is, and the more vulnerabilities are found.
Today, our smartphones connect us with social media accounts, banking services, and retailers. The important question for a mobile device is not just whether its operating system is secure, but whether it has an effective security patching strategy for when (not if) the latest malware eludes a device’s safeguards. Even mobile and desktop operating systems designed with security first have had problems that called for this kind of effective update management.
Security in the mobile world
The mobile device market is dominated by two operating systems. Android owned 81.5 percent of the market in 2014, compared to 14.8 percent for iOS (not unlike the Windows and OS X situation of years ago).
However, only Apple can patch its mobile operating system similar to the way desktop OS manufacturers patch security holes and shortcomings. Android’s openness is a strength, but also its greatest security weakness because Google doesn’t have the last say when distributing security updates and patches – the OEMs and service providers hold that power. In addition, controls that block the installation of unknown, third-party software are easily circumvented, providing an easy avenue of attack for cybercriminals.
Unsurprising then is our finding that the vast majority of mobile malware — 99 percent in fact — targets Android devices. The number of attacks and different kinds of mobile malware are growing at a staggering pace, and in 2014, the number of mobile malware attacks against Android more than quadrupled, affecting about one in five Android devices.
Most people aren’t aware that Google is virtually powerless to stop malware from compromising an Android device, unless the program comes through the Play Store. Only a small percentage of users are aware that mobile malware even exists and that they need protection software to defend against it. When you consider that mobile devices now often store critical information – credit card numbers, online banking logins, etc. – and are more vulnerable to a host of attacks, it’s critical to defend devices against malware.
Though we have battled malware on desktop operating systems for years, there’s still room for progress in some areas on mobile. Most users don’t get updates in time, or at all. Plus, users are installing unknown, third-party software left and right, but have no controls (e.g., security software) in place to detect malicious apps or activity.
Complicating matters is Apple’s controls for iOS. It’s true that software sources are more tightly controlled through the App Store, but protection software is banned, and it’s unclear how often iOS devices are compromised.
Moving toward better mobile security
Understanding the current threats to your mobile device is key. No matter what kind of mobile device you use, you must realize the importance of the data on it, and exercise commensurate caution when installing apps, opening URLs, or choosing whether to enable encryption.
If you are using an Android device, there is a significant chance (one in five, likely more) that you will be targeted by malware in the next year. This malware will likely try to steal financial information from your device, or abuse it in a way that hurts you financially. And it’s very likely that we’ll see even more ransomware – software that encrypts your files with an encryption key that will be revealed only after the payment of a ransom – being targeted at Android users.
To effectively protect a device from these threats, first pick an Android device whose updates are handled directly by Google, and make sure updates are installed when available. It’s also advantageous to block the downloading of third-party applications and install protection software that can ward off any malware.
If you are using an iOS device, you are likely safe — for now. If you install updates as soon as they are available, and avoid downloading and installing apps you don’t trust, there’s a very small chance you’ll be subject to malware attacks in the near future. But as iOS increases in market share, so will the number of potential malware attacks.
About the author
Michael Canavan is the Vice President, Sales Engineering, Kaspersky Lab North America. He is responsible for overseeing all pre-sales systems engineering activities in the region, including North America B2B sales product training, which includes a standardized onboarding initiative for the sales team as a whole, guiding senior sales management regarding technology and solutions, and acting as a solution evangelist for North America B2B sales both internally and externally. Michael brings more than a decade of engineering experience to his role. Prior to joining Kaspersky Lab in 2010, Michael held various roles at Trend Micro in Sales Engineering and Product Management.
We sometimes lose sight of these obvious points when talking about patching and vulnerability management. At Tenable, we often discuss vulnerability management (it is what we do), which leads to conversations about patching and patch management (even though that is not what we do). Patch Tuesday has driven systems administrators and vulnerability management professionals into a myopic patch mentality; sometimes it works well, sometimes it works just well enough, and sometimes it leads to stupidity.
Patching isn’t always the answer. When vulnerabilities are found, there should be a logical process for dealing with them. While “slap a patch on that bad boy” is often a great answer, and frequently the easiest, it is not the only response to network vulnerabilities. Continue Reading…
From national chains to neighborhood shops, retailers understand that tablets can greatly enhance shopper experiences and they continue adopting this technology in store. Tablets and their applications possess such potential for changing the way people shop and spend that eventually all stores will be connected.
Today’s shoppers are more knowledgeable than ever before, and they’re demanding in-store, experience-altering technology – digital price tags that reflect price changes, kiosks that provide assistance and deals, and mobile checkouts, for example. Retailers are appealing to these shoppers with tablets, and are using these devices to interact with shoppers and to drive sales.
Here are five ways retail stores are creatively using tablets to reach today’s shoppers: Continue Reading…
The word cloud can mean many things depending on your comfort level and knowledge of the technology. The cloud is everything from the personal file sharing folder connected to your email address to the full soup-to-nuts solution that runs retail websites.
While the cloud offers a number of advantages and efficiencies, some companies and their IT departments remain hesitant about moving their services to the cloud. Consider the story of one of my clients: A bricks-and-mortar retailer was running its website on its own servers, but was interested in moving to a cloud-based solution – Amazon Web Services (AWS). It faced several challenges on the road to cloud migration, including concerns about performance and security for its customers, the need for a different IT mindset, and a desire for visibility into the system.
Its story offers a few factors for any organization to consider if you’re debating moving your website or services to a cloud solution. Continue Reading…
Tags: Amazon Web Services, Apparatus, Brian Shaw, Guest posts, Retail
Workloads are your company’s lifeblood. Physical servers, virtual machines (VMs), or a combination of both are running Microsoft Exchange, SharePoint, and various other applications. Inevitably the time will come to migrate these workloads to different hardware or VMs.
For organizations running Microsoft Windows 2003, that time is coming soon. These companies will need to migrate those servers to a new operating system before Microsoft ends support in July of this year. Migrating workloads from one server to another can be difficult, whether from one version of an operating system on a physical server to a newer version on a physical server, from a physical server to a virtual server, or from one hypervisor platform to another. Application and version compatibility issues, network connectivity, and authentication and security problems can present challenges during a migration. Many organizations conducting a migration experience one of these situations; a recent survey conducted by IDC found 48 percent of companies run both physical and virtualized servers, and 54 percent of companies run more than one hypervisor in their environment.
This is especially true when moving a production workload to a new OS environment when it is intimately linked to the current environment. The two most critical steps in every migration are effectively backing up a full log of the data, and using the right tools to conduct the actual migration. Full image backups ensure all data – content and application settings, for example – can safely be migrated, and universal migration tools can simplify the actual process so it’s as easy as it is effective.
If done incorrectly, organizations can lose data, extend downtime, miss revenue opportunities, and adversely affect customer service perceptions – not to mention the long, hectic extra hours it takes to fix the problem. Continue Reading…
Consumers are evolving. Mobile devices, social media, and always-on Internet access have set new expectations for their shopping experience. And the speed of this shift has left some retailers struggling to find the best way to connect with this new generation of shoppers in store and online.
Traditionally, retailers have found ways to engage with their customers using historical data, but this is like looking at a photo: It reflects the past, but not necessarily the present. While retailers may be analyzing data and marketing to their consumers, if they are strictly using historical data, they may not be meeting their customers’ current needs. In order to compete, retailers must be able to answer “now” questions: What are customers doing now? Where are they now? What are their intentions now?
Retailers must look beyond historical data and bring in new data sources — social, mobile, and clickstream – to have a relevant and valued interaction with customers in real time. Continue Reading…
Network security is critical for any organization, but in the health care space, with the personal and medical details of millions of individuals in the balance, the stakes are even higher. Out-of-date software, unimplemented patches, or even outdated passwords could be the vulnerability that exposes the sensitive information of an innocent and unsuspecting patient base. Two recent security breaches suffered by prominent U.S. health insurers highlight these vulnerabilities.
In February, Anthem Inc., the second-largest health insurer in the U.S, revealed that a previously-disclosed hacker attack compromised the health care records of as many as 80 million individuals. A few weeks later, Premera Blue Cross reported that the personal, bank, and health data of an estimated 11 million individuals was exposed when hackers penetrated its system in a similar assault.
These two high-profile security breaches have intensified the spotlight on data security, and raised several important questions for health care organizations (what HIPAA calls “connected entities”) and groups that provide supporting services to health care entities (called “business associates”). These groups should be asking the following questions: Continue Reading…
Imagine you had one cell phone to make phone calls and another to send text messages. And what if you had to tote around a third device solely to send email, and then yet another tool to access your daily calendar?
It’s easy to realize the absurdity of that scenario, but many IT environments are divided in a similar way. Modern technology is built to avoid fragmentation, and just as a single phone consolidates a wide range of functions, it should be similarly easy to realize a more commonsense approach to the critical IT integration infrastructure in your organization.
Efficient communication means the reliable exchange of documents, files, and messages among customers, employees, suppliers, and contract workers, but it’s not always present. The constant movement of inventory, payroll, and invoice documents, and various other internal and external exchanges, drive business so having a slew of separate, disconnected processes should sound a very loud alarm.
Ask your nearest system admin if the design of his organization’s IT integration infrastructure is ideal; chances are the network is composed of disparate systems “glued together” with years of custom code. This dysfunction entangles IT, which has to invest time and energy in the maintenance, monitoring, and management of each singular piece of the network.
A pointed and efficient data environment should be a goal for every IT department. That’s where the consolidation of data integration can work wonders for a business. Continue Reading…
But often the biggest security risk is the one you’re not paying attention to. It’s not forgetting to patch security vulnerabilities, or not running antivirus, or relying on outdated software. Those are bad ideas, for sure, but there is one idea that’s worse than all of those combined: Not conducting regular data backups.
Organizations that don’t follow through with regular data backups aren’t alone, and a proper system backup solution doesn’t have to be a budget-busting endeavor. IT can easily fill this security gap with the right support. Continue Reading…