BeckyStrause
Several of our blog posts are regarding staying safe & secure. This is because every time we turn around there is news about a new hack, attack, or aack! (As in, “Aack, they stole my password!”)
In recent weeks, the New York Times and Wall Street Journal have suffered breaches to their systems. Twitter discovered an unauthorized attempt to access user data, and concluded that limited data of 250,000 may have been accessed. The Department of Homeland Security encouraged users to disable Java on the browsers because of potential threats. Internet advertising network NetSeer suffered a hack causing website visitors to be warned that they were visiting was a “known malware distributor.” Yahoo mail was hacked by an individual who uploaded a video demonstrating how he did it. With stories like those continually in the news, we want to make sure to keep people aware and educated on security measures.
One security misconception is that if you only go to “trustworthy” websites, you’ll never get malware. Cisco’s 2013 Annual Security Report has proven that wrong. Their report states, “Our data reveals the truth of this outdated notion, as web malware encounters are typically not the by-product of “bad” sites in today’s threat landscape. Web malware encounters occur everywhere people visit on the Internet — including the most legitimate of websites they visit frequently, even for business purposes.”
Their point is that malware encounters happen most through Dynamic Content websites and Content Delivery Networks.
It’s not just the sites selling weight loss pills and fake Rolexes that you have to be concerned about. Malware attacks are common and becoming more common. In the argument of “Who’s to blame?” it’s important to understand that most websites are not intentionally serving malware.
Cisco also makes the following points:
The challenge of securing a wide range of applications, devices, and users — whether in an “any-to-any” or Internet of Everything context — is made tougher by the popularity of the cloud as a means of managing enterprise systems.
Addressing security challenges presented by virtualization and the cloud requires rethinking security postures to reflect this new paradigm — perimeter-based controls and old models of access and containment need to be changed to secure the new business model.
As the security experts work on new solutions, we have a few pointers for you:
For more security tips, check out our various blog articles on security, such as: