Cybersecurity Week in Review: A Bad Week for the Good Guys and Plenty of Food for Thought

June 12, 2015
By: Peter Bernstein

Let’s start with the headlines. As the week closes, we are becoming increasingly aware that the U.S. government Office of Personnel Management (OPM) data breach that was revealed last week was much larger than previously thought. We also found out that internationally respected data security solutions provider Kaspersky Lab discovered a new nation-state attack, attributed to members of the infamous Stuxnet and Duqu gang, and the victim of the malware exploit was Kaspersky. And there were plenty of comments on the latest hack of celebrity photos as more than 570 iCloud accounts were compromised. As you can imagine, my inbox was overflowing.

This week also saw a flood of new reports and surveys from security firms which are worth a read. What follows is a sampling of recent research you might wish to review.

Lieberman Software is out with a survey that says complicated IT security solutions are not being properly deployed and, for most organizations, compliance trumps security. Highlights, if you wish to call them that, from the survey conducted at the annual RSA event include: 69 percent of respondents did not feel they are using their IT security products to their full potential. As a result, 71 percent believe this is putting their company, and possibly customers, at risk. Plus, when survey respondents were asked why they don’t use their IT security products to their full potential, 62 percent revealed they either found the products too complicated to deploy, too time-consuming to deploy, or didn’t think they had the expertise to properly deploy them.

Commissioned by Spikes Security and conducted by Spiceworks, a survey of 160 IT security professionals found:

Skyhigh Networks’ new report, “Cloud Adoption & Risk in the Government Report,” revealed that the vectors of vulnerability are increasing in the U.S. as a result of the growing use of cloud services. The report found shadow cloud services 20 times more prevalent than sanctioned cloud, adding pressure to CIOs responsible for FedRAMP and FITARA compliance regulations.

Security firm Venafi did some survey work at RSA as well, and released the results of its fourth annual RSA conference survey. Here, too, things are problematic, to say the least. Key findings include:

Last but not least of the report sampling is an intriguing focus relating to big data. The first survey and research report from SANS was sponsored by Cloudera, which was powered by Apache Hadoop. The study, “Enabling Big Data by Removing Security and Compliance Barriers,” reveals key use cases for big data applications, how sensitive data access is managed, how effective their security controls are, and that the C-level should be taking responsibility for data governance and security. Highlights of the responses included:

Suffice it to say the percentages cited are not reason for rejoicing. 

Since this is the season for security firms to report on what they are seeing in looking at data breaches of all types, there is going to be more news about the challenges of dealing with the increased frequency and sophistication of hacks of every variety. There are also going to be a lot more pleas for better visibility, to avoid the long periods of time it is taking to detect many of these bad boys, and calls for more data sharing. This is a good thing if the good guys are to bend the curve on quickly detecting, protecting and remediating what has been a constant and consistent upward spike in malicious activities. We will keep you posted.

Edited by Dominick Sorrentino