With malware like Backoff around, IT security can't be about protecting egos
If you’re a CIO who takes offense when someone questions your IT security program, it may be time to get out of your own way for the sake of your company. That’s the provocative view of Kevin Beaver, an information security consultant, floated in this week’s Searchlight news roundup by Associate Site Editor Fran Sales.
“The interesting thing, to me, that rarely comes up in these discussions is how the CIO can actually be part of the security problem. Not many, but quite a few CIOs view security as a threat to their jobs,” said Beaver. “If you point out security risks, then you’re pointing out their shortcomings.”
But, as Sales gently admonishes, this is no time for protecting egos or turning a blind eye to security. Guarding a company’s information assets will require the attention of everyone in the enterprise from the top down, as a new report published by the Department of Homeland Security makes clear.
Released this week, the report reveals that attackers use brute-force cracking to log into remote desktop solutions. Once they gain access, hackers deploy Backoff, a family of malware capable of memory scraping, keylogging, command-and-control communication and injecting malicious stubs. With malware like Backoff to contend with, companies need a multilayered approach to security — and a lot of human vigilance. The column also includes the report’s tips for improving security.
In other news, Facebook is giving its mobile messaging users the next few days to download its dedicated Messaging app, Singapore has managed to integrate NSA’s mass surveillance and data mining into its society without laws getting in the way (hmmm!), and much more in this week’s Searchlight.