Tag: security

Phishing attempts triple

Every single day roughly 3,000 UK web users were sent a phishing attack between 2012 and 2013, triple the levels seen between 2011 and 2012.

That’s according to a new Kaspersky Lab report, “The evolution of phishing attacks”, revealing that what was once a subset of spam has grown into its own category of cyber attack. The most targeted websites were Facebook, Yahoo, Google and Amazon, with Facebook and Yahoo overwhelmingly ahead as targeted sites.

Worldwide, attacks reached an average of 102,100 people each day, with the most common targets being web users in Russia, the United States, India, Vietnam and the UK. Most servers hosting the phishing pages were registered in the USA, the UK, Germany, Russia and India.

Kaspersky discovered that half of all identified attack sources came from only 10 countries, signifying there is quite a small number of preferred regions from which to launch the attacks.

20 percent of phishing attacks were set up to mimic banks or financial organisations.

Kaspersky’s deputy CTO for research, Nikiti Shvetsov, said the enormous increase shows that phishing is not just a subset for spammers. “These attacks are relatively simple to organise and are demonstrably effective, attracting an increasing number of cybercriminals,” Shvetsov said.

McAfee might miff Intel

Intel might be a little cross that his royal weirdness John McAfee has created a fairly sleazy video explaining how to remove its security software from a PC.

According to the video, a drug taking McAfee is fed up with getting emails from people asking him how to get his software off their machines.

In a NSFW video he points out he flogged the company to Chipzilla ages ago, but gives the instructions on how to get rid of the software.

In the video he is seen snorting certain substances and consorting with some very nice ladies in a state of undress. McAfee, not the ladies.

Our thought is that while it is probably announced that McAfee is shafting his old brand, they are probably missing his presents at board meetings. Er that should be presence.

Anyway it is clear that McAfee has not let his brush with the law get him down and is up to his old tricks now that he is back in the US.

Security resellers have golden opportunity

Resellers of security products have a golden opportunity to target the finance industry.

The Bank of England has warned that it is more concerned about hacking and other cyber attacks than it is about the Eurozone.

Andrew Haldane, the BoE’s director of financial stability, met with five of Britain’s top banks six months ago and four told him that a cyber-attack was their biggest fear.

According to Reuters Haldane told the parliament’s Treasury Select Committee that the fifth bank did not have this on its top fear list until recently.

He said that the financial sector is a particularly good target for someone wanting to wreak havoc through the cyber route.

Earlier meetings with bank chiefs had pointed to the “usual suspects” of the euro zone crisis or a slump in the economy as the top risk, Haldane said.

But more of the financial industry now thinks that economic worries have distracted attention from operational, and in particular cyber, risks at banks or in infrastructure like payment systems.

IT buyers out of touch with office needs

Canon has commissioned a study which found those making buying decisions in the office are often out of touch with the needs of the actual user.

Canon Europe surveyed 1,671 end users and decision makers. It found that firms all over Europe are having a hard time bringing in technology to enable flexible working – with a real minority making sure employees had smartphones or tablet PCs. BYOD, then, is crucial at the moment, as those with these devices find they are crucial to their jobs.

Most respondents said they need advice and support from their IT departments if they’re to properly reach their working potential, whether in the office or on the go. Just one quarter knew the office technology inside out, and the report highlights many workers feel they are excluded when it comes to picking technology they feel would be right for their companies.

Canon also found that, while the majority of respondents work with sensitive documents, they are being allowed onto insecure devices on insecure networks. Many end users believe that their organisation is managing document security – when that isn’t the case at all, with under five percent of IT buyers indicating that as a concern in printing, copying or scanning.

The company’s European and UK marketing manager, Matt Wrighton, said the gap between staff and decision makers is obvious. “It’s clear to see how the division within organisations between the two key parties, decision makers and employees, will, if not already, prove harmful to productivity in the workplace,” Wrighton said.

PCKeeper lets customers pick their own price

A software outfit called PCKeeper has come up with a novel way of flogging its product.

It’s not setting a sale price – instead letting the customer decide what they want to pay.

The company said that it is experimenting with the same idea which allows for musicians and artists to allow their fans to pay what they want for music or art.

It is a radical concept for software because companies usually fear not getting their development costs back.

In this case it took a team of nearly 150 people almost two years to create and support the program so they want to make their money back.

The software normally has a retail price of $39.99 but will be available to customers for as low as $1.00. The idea is being tested out between June and July and it is not clear if it is just a marketing gimmick or if the company really is serious about it as a long term option.

PCKeeper’s communications manager, Ilias Melikov, said that letting people choose their own price is an interesting way to open up the product to consumers who price shop and also build trust with those customers once they use the software and see just how useful it is.

Still, even if the idea is canned after a month it could create regular users.

Resellers need wider mobility portfolios

Resellers must start building wider mobility portfolios and get cosy with disties in a bid to exploit the latest opportunities within the market, Computerlinks has said.

The company, which earlier this week announced an agreement in the UK and Germany with MobileIron, said the recent BYOD trend had been good for starting conversations about mobility strategies in organisations.

However, Dominic Wordsworth, product group manager at the company, pointed out that the industry was now moving beyond just securing devices to considering how they can make staff not only mobile but also productive.

“MDM was the ‘knee jerk’ reaction by many to BYOD (both vendors and end-users) – securing the device is an important start, but enabling and managing applications is the real challenge,” he told ChannelEye.

He pointed out that the companies with insight who initiated pilot mobility projects were now starting to move into company-wide rollouts.

“[This gives] the channel plenty of opportunities to get involved as businesses need to evaluate what applications are needed, who needs them and why. Vanity projects such as handing out iPads to executives are becoming more scarce, as organisations are beginning to demand real value from all of their devices,” he added.

Many channel partners are offering mobility products which allow IT departments to manage devices, however, Wordsworth claimed it was becoming clear that security was not the only factor at play here.

“To exploit the latest opportunities in the market, resellers should be building wider mobility portfolios around devices, applications and content. Focusing on one aspect of the mobility pitch won’t bring in those high-value contracts as organisations will generally be looking for the whole package rather than just a point solution.

“One way resellers can get ahead of the competition is by working with distributors that can offer extra services to help companies get mobile more easily, such as pre-sales support which can give them access to current market expertise and knowledge,” he said.

Computerlinks claims that its new partnership with MobileIron will further continue to help resellers to drive their customers to deliver useful business applications to users over enhanced mobile networks to a secure endpoint, whatever the device.

It has also promised training for its channel partners around the new announcement, as well as helping them take advantage of its highly qualified pre and post sales consultants to support their own teams.

Dell attacks Cisco in mid-market

Dell is talking big about taking on network behemoth Cisco, announcing its SonicWall NSA firewalls that it believes will disrupt the market.

Dell is promising protection for mid-sized organisations with its latest firewalls, promising customers that the SonicWall NSA software will assure “optimal network performance and total cost of ownership”, going on to say that its technology will even “render competitors’ traditional firewalls obsolete”.

Using a patented single pass, low latency Reassembly Free Deep Packet Inspection, or RFDPI engine, this kit, Dell claims, has enough power to take note of all network traffic, no matter the port or protocol, and can block threats before they worm their way into the network.

Dell boasts that the RFDPI engine has the twin benefit of combining a firewall with an intrusion protection system, and the software sports features like 10GbE SFP+ interfaces and high performance SSL decryption. Medium sized organisations will be able to use the kit to take advantage of security usually only afforded for enterprise grade network security, Dell claims.

Dell exec director in product management, Patrick Sweeney, said the company believes these “products are game-changers as we take on Cisco in the critical mid-market”.

As web threats get more sophisticated, penny pinching mid sized organisations swamped by economic stagnation need excellent security to make sure they are not even more vulnerable than they already are. Problems with funding staff training or specialisation are common, too, so Dell thinks its latest product can help.

McAfee, Stonesoft merger bad news for channel

Competition in the security market is increasing, meaning businesses and consumers could eventually end up paying higher prices to keep their PCs protected, resellers have warned.

The comments come as it was announced that Intel’s McAfee was splashing $389 million on the purchase of Stonesoft, a security company that delivers software-based customer-driven cyber security products to secure information flow and simplify security management.

McAfee said Stonesoft’s product portfolio of next-generation firewalls would help it “extend its leadership position in network security.” It said it planned to integrate Stonesoft’s offerings with other McAfee products such as its cloud-based Global Threat Intelligence services.

However, resellers aren’t convinced the company is doing it to perfect the security world, claiming the buyout will stifle competition and keep customers “over barrels.”

“Intel and other big vendors are gobbling up smaller companies, closing the competition,” one told ChannelEye.

“This means that eventually we’ll be left offering clients only a few security software options at higher prices for the vendors but lower margins for us as we try and compensate for their greed.”

Another agreed, claiming companies were using the fact that everyone needed security to rake in the cash.

“The security world has gone mad. But then big security companies can afford to splash the cash. Not only do they charge extortionate amounts for security but have many over a barrel. It’s like car insurance,” he told ChannelEye.

“Everyone needs it to be safe but no one wants to pay the premiums for it.”

Others also pointed out that although it was a good time to be in security, resellers rarely benefited.

“It’s big money in the security software market if you’re at the top, as this proposed buyout has shown,” he said.

“However resellers like us rarely see the fruits of the profits. Our clients are often quite au fait with security and buy off the shelf, or won’t spend the money we require to see rewards.”

‘BadNews’ malware family infiltrates Google Play Store

Lookout has unearthed a new family of malware it is dubbing BadNews – which has emerged in the Google Play Store for Android devices.

According to Lookout’s research, BadNews poses as an aggressive ad network – however, it floods the user with application install prompts and brings up fake news, all with the agenda of pushing more malware and affiliated apps.

In its early days, Android in particular was dismissed by critics as being unreliable on the security front thanks to the open access nature of the OS. The Play Store, or Android Market as it was known, did occasionally sport dodgy applications that would mimic other popular apps but were anything but.

BadNews, Lookout says, is significant because it has managed to distribute itself so far and wide – using a server to delay malicious behaviour. The security company has let Google know about the malware, and all developer accounts associated with BadNews have been suspended and are being investigated.

BadNews and its affiliated apps could have been downloaded as many as 9 million times. Not all apps that have been compromised had malicious code in them, but BadNews, Lookout says, puts a “significant number” of users at risk.

The malware also threatens to leak sensitive information such as phone numbers and IMEI codes.

It is a reminder that as smart device use becomes more widespread, so will malicious coders targeting these devices. While at one time mobile security features were panned by some corners, it can’t hurt to have a legitimate piece of antivirus software installed on your phone and to only download trusted applications, as malicious coders will increasingly target the etailing and digital services space.

Gartner consults crystal ball about cloud

Around 10 percent of IT security enterprise products will be delivered through the cloud by 2015, Gartner has said.

Gazing into its crystal ball, the analyst house has also said that these services will also drive changes in the market landscape, particularly around a number of key security technology areas, such as secure email and secure Web gateways, remote vulnerability assessment, and Identity and Access Management (IAM).

It said as a result it expected the cloud-based security services market to reach $4.2 billion by 2016.

Eric Ahlm, research director at Gartner said demand remained high from buyers looking to cloud-based security services to address a lack of staff or skills, reduce costs, or comply with security regulations quickly.

He said the shift in buying behaviour from the more traditional on-premises equipment toward cloud-based delivery models offered “good opportunities for technology and service providers with cloud delivery capabilities.”

He warned that those without such capabilities needed to act quickly to adapt to this “competitive threat.”

Gartner referenced a security survey from January which it said showed high demand from security buyers for cloud-based security service offerings. Security buyers from the US and Europe, representing a cross section of industries and company sizes, stated that they planned to increase the consumption of several common cloud services during the next 12 months.

The highest-consumed cloud-based security service is email security services, with 74 percent of respondents rating this as the top service.

Furthermore, 27 percent of the respondents indicated they were considering deploying tokenisation as a cloud service, while another area cited for growth was security information and event management (SIEM) as a service.

Gartner is now advising value-added resellers (VARs) to supplement product implementations with cloud-based alternatives that offer large customers reduced operational cost and thereby increase the likelihood of customer retention in this market segment. VARs that fail to offer cloud-based alternatives might experience a decline in implementation revenue from customers seeking cloud-based solutions in certain market segments.

Employers rely on staff not to snoop

Businesses are placing too much trust in their employees when it comes to safeguarding company data, a survey by LogRhythm has found.

However employees are pulling the wool over their bosses’ eyes.

Questioning 1,000 employers, the cyber threat defence, detection and response company found 80 percent do not believe any of their workers would view or steal confidential information, while three quarters admitted to having no enforceable systems in place to prevent unauthorised access to company data by employees.

And some seem to have all the faith in the world when it comes to their staff with a third claiming they don’t believe they need such systems at all.

In addition, around two thirds of companies surveyed admitted to not regularly changing passwords to stop ex-employees being able to access sites or documents.

However, on the employees’ side, it seems not all is well. In a separate survey of 2,000 staff LogRhythm found that 23 percent had accessed or taken confidential data from their workplace, with one in 10 saying that they do it regularly.

The most accessed confidential data related to details of colleagues’ salaries, with 38 percent of staff admitting to snooping around to find this out, while a further 23 percent said they looked for details of colleague bonus schemes.

A huge 94 percent of those who had accessed confidential information or stolen company data had never been caught.

When asked, more than a quarter of employers could not identify the biggest threats to their confidential data, while 14 percent did not even know whether employees have stolen data – even though they believe employees would do so.

Ross Brewer, vice president and managing director for international markets at LogRhythm, came to the groundbreaking conclusion that this showed there was a “clear gap between businesses’ internal security procedures and the harsh reality of employee behaviour”.

Brits fail to secure their mobile devices

Despite many of us treasuring our mobile devices, we’re not taking precautions to keep them, and their content, safe, a study has found.

In its latest report, Norton by Symantec said Brits are now living various aspects of their work, social and online lives through their mobile devices, surfing online, downloading apps and making payments through them.

In fact we’re so attached to our mobiles that 40 percent of those queried admitted that they could never give up their mobile device, and close to a quarter of adults even indicated that it would be one of the top two personal items they would save if their house was on fire.

A large majority – 63 percent – of mobile users indicated they also store and access sensitive information on their mobile devices. However, they don’t seem to be guarding this with their lives, with almost a half admitting to not using a password to help protect their personal data.

Norton said that this could prove detrimental in the event of theft or loss, giving thieves “a treasure trove of personal information” stored on the device, which can potentially be accessed. This includes personal emails, which could pave a potential gateway to other sensitive information such as work correspondence and documents, passwords for other online accounts, and bank statements.

The study also reveals that losing a mobile device is common, costly and stressful for consumers.

Around one in four adults have had a mobile device lost or stolen, costing individuals an average of £73 for the replacement or temporary use of a mobile phone, and double the money to replace a tablet.

However, it’s not security that comes to their minds when they lose a mobile phone with 39 percent of those asked claiming they were most worried about incurring costly bills due to telephone calls.

And it seems our keenness to get online is also letting us down with over a third admitting to not always downloading applications from trustworthy sources, and 28 percent claiming that they do not use secure payment methods when making purchases from their mobile device, leaving their sensitive information such as credit card details vulnerable.

According to the survey, seven percent of UK mobile users have already fallen victim to mobile cybercrime.

Most adults also admitted to using free or unsecured public Wi-Fi hotspots, and half of them were concerned about the potential risks of using free or unsecured public Wi-Fi hotspots, but yet still go ahead.

Just over a third said they used free public Wi-Fi spots to check their personal emails and 16 percent of respondents said they accessed their bank details online through free, unsecured Wi-Fi connections, exposing their sensitive financial details to mobile sniffers.

Austerity pressures hospital CIOs

Europe-wide austerity programmes and spending cuts are placing more and more pressure on healthcare providers and hospitals to shrink their spending, and a report from IDC Health Insights claims one viable option will be consolidating their IT systems.

Increasing efficiencies must be a priority for hospital procurement and implementation, IDC claims. They will be striving to offer the same level of care, quality and safety with less resources, so in turn, to stay afloat, they should offer services coordinated with other providers in their catchment areas.

Silvia Piai, IDC Health Insights EMEA research manager, said that in a resource stretched scenario, keeping IT in line with long term business objectives is not an easy task. “Hospitals’ CIOs have to architect for reusability, interoperability, and scalability when implementing new enterprise and line of business solutions,” Piai said. “Just keeping the lights on for the existing systems will only drive them to a budget-cut vortex”.

Hospital IT departments are usually driven, IDC pointed out, by regulation compliance. Other aspects in chain management and governance are underestimated, and this leans on a hospital’s capabilities in risk management.

Top on the agenda for hospital CIOs at the moment is electronic medical records. Health information exchange focusing on cooperation with other providers “is still relatively low,” IDC said. High investments are being put into e-procurement, business intelligence and analytics.

Speaking with over 100 European hospital executives about their business priorities, IDC noted that pressure to reduce public expenditure is reflected in hospitals’ needs to improve performance and IT costs. Strong financial and legal penalties for failing to meet regulatory requirements in emerging areas such as data capture, retention, protection and security are ultimately determining the course of hospital IT investment.

IDC notes change management will include alternative governance models and this challenge is being underestimated in IT. It will bring together physicians and nurses from different care centres, IDC said, or changes in funding models that offer incentives for care and collaborative culture.

Computerlinks becomes B2B Kaspersky distie

Distributor Computerlinks has won a contract to sell Kaspersky Lab’s portfolio with a view to drive growth in the B2B market.

Kaspersky hopes this strategy will boost the company’s routes to market as well as increasing its presence in the UK. Computerlinks will offer channel partners Kaspersky’s Endpoint Security for Business as a key asset in its security portfolio.

Endpoint Security for Business lets companies both control and protect on site devices as well as cutting resource demands on IT teams, bringing mobile device management, data protection, systems management, and endpoint under one management console.

Director for B2B sales and marketing at Kaspersky Lab, Matthew Robinson, said that Computerlinks’ experience in value-add will prove “invaluable” to customers and channel partners.

He added that Kaspersky’s new strategy, which focuses on a full value model running along with the existing volume business, will keep Kaspersky “at the forefront of the evolving channel landscape”.

Computerlinks’ director of core technologies, David Caughtry, said that the deal is part of Kaspersky’s “exciting stage of growth”.

Alvea offers SMBs, channel, managed network security

It “makes no sense” for the channel and small businesses to ignore the security market, Alvea has said, speaking with ChannelEye.

Recent research from channel analyst house Canalys suggests that the security industry is growing 10 percent year-on-year. According to Alvea, however, it can be tough for small businesses to stay on top of the ever changing security landscape, especially in a difficult economic climate.

The comments come as it launches its Managed Network Security service in the UK and Ireland.

Managed Network Security, which is the latest addition to the company’s services portfolio, is designed to help small and medium businesses (SMBs) protect their networks from security threats and will be sold through the firm’s channel partners.

Neil Gardner (pictured), professional services development and operations manager at Alvea Services, pointed out that although it is urgent for SMBs and channel players to keep up with current threats, it can cost serious money and time.

Gardner told ChannelEye the company can help channel partners keep up with these threats thanks to its relationship with distributor Computerlinks. Although the Alvea brand is an independent service, it is supported by technical expertise and infrastructure from Computerlinks.

“Computerlinks has been in this industry for over 20 years and has an office built around a range of engineers and techies who keep up with the day-to-day threats in the security market,” Gardner said.

“Therefore what we offer our partners can be better than our competitors. Either a fully managed service contracted to us or a managed support package run by the partner.

“We want to give our partners an a la carte package, where they can also mix and match services. If we look at the competitor landscape we at best match prices with our rivals. However we offer a better service,” he said.

The new service includes both a firewall and a Virtual Private Network (VPN) delivered on a choice of hardware security appliances.

According to the company, the range of appliances available within the Managed Network Security service ensures that resellers can select the product that is best suited to their customer’s network requirements. They can also offer consultancy skills to customers to ensure the provision of the right level of protection and investment.

As businesses grow, resellers have the scope to add new service modules.

Alvea said this gives them the chance to remain in constant contact with customers, hold regular service reviews and foster long-term relationships that may lead to additional sales opportunities.

Resellers can also offer the option of a managed security service to their customer bases without incurring the high costs of becoming a managed service provider themselves.