
Friday, September 10, 2010

Security Management Weekly - September 10, 2010


September 10, 2010
 
 
Corporate Security

  1. "4 Reasons Why Executives are the Easiest Social Engineering Targets"
  2. "Businesses Grapple With Mexico Security Risks"
  3. "Forced Labor Threats" Trafficking Victims Protection Reauthorization Act of 2008 Adds to Companies' Labor Liabilities
  4. "Travel Safety Not a Corporate Priority" According to Survey by Association of Corporate Travel Executives and International SOS
  5. "U.S. Blacklists German-Based Iranian Bank"
Homeland Security

  1. "Al-Qaida Threat to West Exaggerated, Says the International Institute for Strategic Studies"
  2. "Attack Shows Lasting Threat to U.S. in Iraq" Terrorists Hit Iraqi Armed Forces
  3. "Nine Years After 9/11, a Nationwide Safety Communications Network Is Unrealized"
  4. "Terror Threat More Diverse, Study Says" Bipartisan Policy Center Warns Detection is More Difficult
  5. "U.S. Fears Terror War from Mexico Cartels"
  6. "U.S. Terror Training in Yemen Reflects Wider Program"
Cyber Security

  1. "Audit Finds Lapses in Federal Cybersecurity"
  2. "Botnet Takedown May Yield Valuable Data" Ruhr-University Researchers Dismantled Network of Hacked Computers Responsible for Massive Spam
  3. "E-Mail Remains the Top Source of Data Loss, Survey Finds"
  4. "ITU Head: Cyberwar Could Be 'Worse Than Tsunami'" International Telecommunications Union Secretary-General Hamadoun Toure
  5. "Scientists View Cybersecurity as an Intimidating Conundrum" U.S. President's Council of Advisors on Science and Technology Examines Issue

   

 
 
 

 


4 Reasons Why Executives are the Easiest Social Engineering Targets
CSO Online (08/14/10) Goodchild, Joan

Company executives are often the least secure employees when it comes to social networking web sites. The first reason is that high-level employees and other important people in the company feel that they should not have to follow the same rules as everybody else. Because they have access to more sensitive and important information, they should actually be doing the opposite. They feel that since their jobs are so demanding, they do not need to have their content filtered or their Internet activity monitored or logged. The second reason executives are such a big threat is that they feel the security in place will protect them from all things bad. However, when they turn off things like firewalls, they also turn off their protection. The third reason is that most higher-ups have the newest technological products, such as iPhones. Because the products are newer, the IT and security departments may not yet have investigated whether the product is safe to use with their system. The final reason that executives are the highest risk when it comes to social networking sites is that criminals will target the executive's family, and often the family is not aware of this. Because the executive may have shared a laptop with his or her children and spouse, this adds an additional risk.


Businesses Grapple With Mexico Security Risks
Dallas Morning News (TX) (08/29/10) Villagran, Lauren

Ryder Systems Inc. is one of a number of Texas firms beefing up security as they try to deflect threats to their operations, supply chains, and employees. Ryder, for example, uses GPS to track the location of each of its trucks moving goods north through Mexico to the border. Private security guards accompany especially sensitive loads. At Ryder's facilities near the border, drug dogs and inspectors examine every container before it enters Texas -- the company oversees roughly 3,000 border crossings every week -- or elsewhere. And if a load does not arrive on time, alarms go off and the dogs do their inspections three times instead of just once. "My primary security concern in the cross-border operation is the smuggling," said Gustavo Passa, Ryder's senior security manager for Latin America. "We're talking about drugs and we're talking about people." With the increasing threat of smuggling attempts by criminal gangs in Mexico, foreign firms are simply doing more, investing more and in the process passing the costs on to customers to ensure security in a country where murders, kidnappings, and extortions have become almost routine.


Forced Labor Threats
Security Management (09/01/10) P. 42 Berrong, Stephanie

Many companies outsource as a way to save money, but due to poor working conditions at foreign factories, many of them could be unknowingly contributing to forced or child labor. Years ago, in the United States, the government had to prove that someone knew they were engaging in a violation of human rights and also benefited financially. However, under the new law, brought into effect by the Trafficking Victims Protection Reauthorization Act of 2008, companies can be held civilly responsible, and prosecutors need only demonstrate that the accused acted carelessly when it came to the means that might be used to produce a product. Some of these suits have ended in large cash settlements. This can do more than just hurt a company's pocketbook; it can severely damage a company's reputation. Currently, there is a list of many products that are thought to be produced by child or forced labor, compiled by the Department of Labor's Bureau of International Affairs. The list also categorizes the risks by the type of goods, the country, and whether the product was created using forced or child labor. To ensure it is not contributing to forced labor, a company is advised to create a compliance program that includes strong training, contract provisions, audit rights, internal reporting, and vetting of third-party staff.


Travel Safety Not a Corporate Priority
Business Times Singapore (09/09/10)

A recent survey conducted jointly by The Association of Corporate Travel Executives and International SOS - a company focused on medical assistance and security services - found that most companies do not do nearly enough to keep their employees safe on work-related travel. The survey polled 165 companies, including some Fortune 500 companies as well as other businesses with a presence in South-east Asia. It found that most companies are more concerned with keeping travel budgets down than with their employees' safety and security. One third of those who replied claimed that their company only spent between one and 10 percent on security and travel safety. Although the events that people travel to for work are often trade shows and conferences, which are sometimes the target of protests, many companies do not have any additional security measures in place, and 23 percent of those who responded said that they didn't see a need for risk planning. While 82.7 percent of companies claimed that they provide insurance for employees who are traveling, only 9.4 percent said that their businesses have any sort of travel safety training or education. Tony Ridley, International SOS director for security services, stated that "Training can help employees better prepare to cope with incidents."


U.S. Blacklists German-Based Iranian Bank
Wall Street Journal (09/08/10) P. A12 Fritsch, Peter; Crawford, David

The European-Iranian Trade Bank AG, based in Germany, was added to the U.S. Treasury's blacklist on Sept. 7, for its alleged financial support of Iranian companies involved in weapons sales. The move prohibits the Hamburg-based bank -- referred to as EIH Bank for its German initials -- from participating in U.S. financial activity. This publication reported earlier this summer that Tehran was increasingly dependent upon the EIH to carry out business on behalf of the regime's blacklisted firms. "As one of Iran's few remaining access points to the European financial system, EIH has facilitated a tremendous volume of transactions for Iranian banks previously [blacklisted] for proliferation," said Stuart Levey, the top counterterrorism official at the Treasury. EIH, an Iranian-owned bank with German licensure, becomes the 17th financial institution blacklisted by the United States for its support of weapons proliferation or global terrorism.




Al-Qaida Threat to West Exaggerated, Says the International Institute for Strategic Studies
Guardian (United Kingdom) (09/08/10) P. 18 Norton-Taylor, Richard

The International Institute for Strategic Studies (IISS) claims that the west's policy has gotten away from its original goal of keeping al-Qaida terrorist attacks from happening in Afghanistan. IISS believes there should be a more prudent policy of "containment and deterrence." Moreover, the institute does not know whether the United States' intention of building up the Afghan government and holding off the Taliban can actually be accomplished. Not everybody agrees with the IISS report. David Cameron believes that the very existence of British armed forces in Afghanistan is crucial to inhibiting al-Qaida's return. IISS finds that the threat that people feel about the Taliban and al-Qaida is exaggerated and could become a "long-drawn-out disaster." Senior IISS director Nigel Inkster claims that al-Qaida's numbers in Pakistan are very small and that most likely nothing will actually come of it, not even in countries like Somalia and Yemen. Others at IISS believe that too much attention has been given to al-Qaida and jihad threats in comparison with conflicts with Iran and the world's economic crisis. They also claim that the number of troops stationed in Afghanistan is "out of proportion" to the threat the Taliban actually poses outside of Afghanistan. A government spokesman made a statement expressing the belief that troops are only six months into an 18-month operation and that there is no direct evidence that their approach isn't working.


Attack Shows Lasting Threat to U.S. in Iraq
New York Times (09/07/10) Meyers, Stephen Lee; Adnan, Duraid

A group of at least six armed insurgents, some carrying suicide devices, attacked the rear gate of Iraq’s 11th Army Division, which houses the command responsible for security in Baghdad east of the Tigris River, a federal police brigade, and American advisers and the soldiers who protect them. No Americans were reported hurt in the attack. The insurgents first blew up a vehicle outside the base, killing the driver, while another suicide bomber detonated an explosive vest at a checkpoint. The attack continued for three hours as two insurgents escaped into a building on the base where they fired automatic weapons and threw grenades out of an upper floor window. At least 12 people were killed, at least four of them soldiers, officials said, and 36 others were wounded. The Baghdad Operations Command said that six insurgents had been killed. A spokesman for the American military in Baghdad, Lt. Col. Eric Bloom, confirmed in a statement that American soldiers had joined the defense of the compound, providing “suppressive fire” while Iraqi Army troops counterattacked. American military also had helicopters and unmanned aerial vehicles providing surveillance, and explosives experts took part in the forensic examination of the attack. President Obama announced the official withdrawal of U.S. combat troops in Iraq at the end of August.


Nine Years After 9/11, a Nationwide Safety Communications Network Is Unrealized
New York Times (09/07/10) Wyatt, Edward

Many firefighters and police officers at the World Trade Center on 9/11 were unable to communicate with each other via radio, creating a puzzling issue that has remained unresolved. This problem was met again in 2005 after Hurricanes Katrina and Rita, when public safety officers from different jurisdictions relied on handwritten notes between command centers because they could not communicate with each other by radio. Most public communications experts believe that it will take years to create a single nationwide public safety radio system. Public safety and homeland security officials have assembled voice networks in some regions, including New York, that link commanders at various agencies, but Washington has begun to turn its focus on wireless broadband rather than radio. Public safety groups argue that they must have control over a greater portion of broadband spectrum to ensure adequate capacity in an emergency. Other legislators and officials from the Federal Communications Commission (FCC), however, say that a robust, affordable communications system should be created by auctioning some airwaves to commercial companies. Once these companies have built a network, the FCC says, they can make it available to public safety agencies in an emergency event. This approach, which would involve sharing towers and fiber optic cables, would save $9 billion in construction costs and billions more over the network's lifetime. The Obama administration, Congress, FCC, and public safety groups are attempting to agree on standards, but politics and turf wars are complicating the debate. "The history of public safety is one where the vendors have driven the requirements," said Deputy Chief Charles F. Dowd, who oversees the New York Police Department’s communications division. "We don’t want that situation anymore. We want public safety to do the decision making. And since we’re starting with a clean slate, we can develop rules that everybody has to play by."


Terror Threat More Diverse, Study Says
Wall Street Journal (NY) (09/10/10) Gorman, Siobhan

A recent report from the national security group of the Bipartisan Policy Center, which is led by several former members of the 9/11 Commission, indicates that although the terror threat faced by the United States is now more diverse and harder to detect, it is also less likely to produce attacks on the scale of 9/11. American citizens are now also some of the most likely perpetrators of attacks, particularly those who are recruited to receive training in areas like Yemen and the Horn of Africa. What's more, the report found that the government is currently not prepared to handle these types of attacks and that recent overreactions to even minor attempted attacks (particularly on Capitol Hill or in the media) fuel anti-American sentiment and encourage extremists. When discussing the government's lack of preparedness, the former commissioners cited the fact that no agency is specifically responsible for monitoring and stopping the recruitment of Americans by militants. Additionally, the report identifies more and less likely targets and means of attack. More likely targets include commercial aviation, Western brand names like American hotel chains, Jewish targets, and U.S. soldiers fighting in Muslim countries. Potential tactics include suicide operations, attacks by gunmen in the model of the 2008 assault on Mumbai, India, and assassinations of key leaders. The group hopes its findings will encourage the U.S. government to focus more of its limited resources on the most likely attack scenarios.


U.S. Fears Terror War from Mexico Cartels
Bloomberg (09/09/10) P. A15 Krause-Jackson, Flavia; Gould, Jens

United States Secretary of State Hillary Clinton compares the escalating violence caused by Mexican drug cartels to the war on terror that was waged on the Colombian government twenty years ago. She says that, like the situation in Colombia two decades ago, traffickers are now controlling parts of Mexico. In a short two-week period, two mayors have been murdered, 72 migrants were killed in a mass murder, and a car bomb exploded next to a television station. Violence associated with the drug trade has resulted in the deaths of more than 28,000 people since President Felipe Calderon came to power in December 2006 and began the fight on drug gangs. While U.S. officials have avoided suggesting that Mexico has lost control over its own land, they have conveyed their concern about the amount of violence that is involved with the Mexican drug cartels. At the Council of Foreign Relations, Clinton commended Calderon for his work in battling the kingpins of the narcotic industry, noting it is "a very tough challenge."


U.S. Terror Training in Yemen Reflects Wider Program
Associated Press (09/08/10) Baldor, Lolita

U.S. special forces are reportedly quietly stepping up training of Yemen's military in order to help the country combat al-Qaida in the Arabian Peninsula. Although the number of trainers in the country tends to fluctuate, there are now about 50 moving in and out of the country as needs arise, up from 25 a year ago. Observers say this type of quiet assistance, combined with economic and governmental aid, is indicative of the Obama administration's new counterterrorism strategy designed to help fight al-Qaida's increasingly scattered network. U.S. military officials report that the training is aimed at correcting shortfalls in the Yemeni military's aviation, intelligence, and tactical operations as well as in maintenance of aircraft and other systems. The Pentagon has also pledged $150 million in military assistance to Yemen for helicopters, planes, and other equipment.




Audit Finds Lapses in Federal Cybersecurity
Washington Times (09/10/10) P. A1 Waterman, Shaun

According to a new report by government auditors, network infrastructure at the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) was not maintained with updates and security patches in a timely manner and as a result was rife with vulnerabilities that hackers could exploit. The report said the problem of insufficient and untimely patching had been broached by another systems review more than 12 months earlier. Homeland Security officials said the weaknesses had been repaired since the audit, and new protocols and equipment are in place to ensure the systems are properly maintained. "The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed," says the auditors' report, published Sept. 8.


Botnet Takedown May Yield Valuable Data
IDG News Service (09/02/10) Kirk, Jeremy

Ruhr-University researchers have dismantled part of Pushdo, one of the top five networks of hacked computers responsible for most of the world's spam, which could shed more light on the nature of botnets. The researchers want to develop a method to determine what type of malicious spamming software is on a computer that sent a certain spam email. "We will analyze all the log data we have because I think we can provide a good overview of a modern spam operation," says Ruhr-University professor Thorsten Holz. In order to fight botnets, researchers need a method to identify and fix infected machines. Ruhr-University researchers identified eight hosting providers that had Pushdo's command-and-control servers, and six shut them down. Although most of Pushdo's servers have been taken down, Holz says the spam operators could use the remaining servers to reconstitute the botnet.


E-Mail Remains the Top Source of Data Loss, Survey Finds
Federal Computer Week (09/07/10) McCaney, Kevin

The potential threat to organizational data via employees' access of social media is on the rise, but email remains the most frequent data-loss culprit, according to Proofpoint's seventh annual survey on security. The poll culled results from 261 responses from organizations with at least 1,000 employees, and asked respondents to name the areas most frequently investigated for potential data breaches. Although email remains a key concern for 35 percent of respondents, other sources increasingly pose a risk. A quarter of respondents cited blog or message board postings as a source, while lost or stolen mobile devices were cited by 22 percent. Employees leaving the company were cited by 21 percent. One-fifth of respondents cited posts on a social networking site, 18 percent listed a video or audio file uploaded to a media sharing site, and 17 percent cited short messaging services such as text messages and Twitter.


ITU Head: Cyberwar Could Be 'Worse Than Tsunami'
ZDNet UK (09/03/10) Meyer, David

There needs to be a global cyber security peace treaty to avert the threat of international cyber war, whose effects would be more devastating than a tsunami, says International Telecommunications Union Secretary-General Hamadoun Toure. He told a London roundtable that he had proposed such a pact this year, only to be challenged by opposition from industrialized countries. The risks associated with cyber attacks have been on the rise as nations' energy and infrastructures become increasingly linked to the Internet. The United States established the U.S. Cyber Command last year in an attempt to fortify its offensive capabilities so that it could attack other nations' cyber infrastructure. Toure noted that cyber space has no borders and criminals can carry out mischief in any territory. He acknowledged that the concept of a cyber peace treaty is an ideal rather than an achievable goal, but said he would settle for a "common code of conduct against cyber crime" in which each country would pledge to ensure its citizenry are connected to the Internet rather than denied access. The code also would urge nations to shield citizens against criminals and include a vow to not harbor terrorists or criminals in their territory. Moreover, the code would mandate that nations commit to not attacking another country first.


Scientists View Cybersecurity as an Intimidating Conundrum
NextGov.com (09/02/10) Sternstein, Aliya

The U.S. President's Council of Advisors on Science and Technology (PCAST) recently called on cybersecurity experts to discuss specific areas in the networking and information technology sector that warrant federal government research and development (R&D) funding. Cybersecurity "is the most difficult challenge," says Carnegie Mellon University's Jeannette M. Wing, who previously served as assistant director of the computer and information science and engineering directorate at the U.S. National Science Foundation. "And it's not just a societal and political challenge. It's a technical challenge." PCAST has found that although many advances in networking used to come from the Defense Department, recently innovation is more prevalent in the private sector, and the federal government does not play a huge part in R&D financing. Wing says the federal government needs to build research programs at agencies such as the National Institutes of Health and the Energy Department, which traditionally have not been considered test sites for computing, but now are conducting revolutionary work in the field.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

