www.luisdunckerlavalle.org

0 20px 10px
Nashville, TN (Nasdaq) 14 December 2011

The Cyber ​​Security Information Assurance Division of Kroll Inc., announced today its annual security report, highlighting the key risk areas and trends that impact on organizations and governments to combat and respond to cyber threats.

The events of 2011 that the landscape can be found on the Internet the security of public and private organizations are still unstable up, said Karen Schuler, head of the practice of cyber-security and the Division of Insurance Information. Points of pain for the traditional organizations, including mobile technologies, incident response and regulatory requirements than the surface of new and evolving challenges to intensify in 2012.

with protective measures on the assumption that it is based not a goal, said Alan Brill, senior director of cyber-security management and insurance department information. However, 2011 has taught us that no one is exempt from attack. Companies need a strategic approach to cybersecurity and aggressive. Ignoring a problem is no guarantee that you will ignore the problem.

Cyber ​​Security Forecast 2012 includes:

1 .???? Are threats to the security of mobile technology on the highest of all time. Mobile technologies are changing so rapidly that in some companies, the demand and pressure for introduction of new technologies (such as Tablet PCs), the capacity of existing organizations in order to secure them. This unfortunate dynamic is no secret to thieves who are willing to wait, and with malicious software and attacks with highly targeted mobile applications. Likewise, the eternal problem of lost or stolen devices, extended to the old and new technologies, which has flown under the radar of the extended planning. For example, digital cameras are used by medical facilities to document the treatment of patients and more attractive to potential thieves. The loss of such data is a potential violation of the HIPAA privacy law could have serious consequences for health care.

2 .???? Social media is increasing in popularity as a channel for social engineering attacks. Adoption of social media in companies up fast and so is the danger of an attack. In 2012, companies can expect an increase in social media profiles as a channel for social engineering tactics to see. Thieves use clever tactics to force end users to expose sensitive information openly, downloading malicious software, or both. In the fight against the risks that companies will need to discuss the fundamentals of policy and procedure development to advanced technologies such as data leakage prevention, improved network monitoring and analysis of log files looking for.

3 .???? Small enterprises (SMEs) to come into the focus of cyber-attacks. Hacktivism can make headlines, but the fact of the matter is that data thieves are simply looking for the path of least resistance. In the end, this way directly to SMEs than large amounts of valuable data taken home, but do not have the budget for the data security of their colleagues in larger companies. Common modes of attack, ranging from social engineering to SQL injection. In addition, weakened by the continued use of legacy systems upgrades and replacements are deferred by SMEs with high risk or neglected.

4 .???? As cloud services gain in popularity, will thrive break incidents. If we were meteorologists call Sea certainly cloudy with a chance of storms. The comprehensive smart companies are clouds associated costs for the economy and ease of use. Unfortunately, current studies and reports show that companies underestimate the importance of security due diligence when it comes to controlling these sellers. As the use of cloud rising in 2012, the new injury incidents underscore the challenges for the provision of forensic analysis and incident response and security issues cloud is finally his attention.

5 business .???? and government cooperation will be critical to the economic health and infrastructure. Cybercrime has the ability to paralyze almost all aspects of trading in the company’s largest individual consumption. Similarly, the security of the U.S. infrastructure in question is disturbingly real. For these reasons, there is a growing feeling among private organizations and the U.S. government about the need for increased exchange of information. Better communication between the private and public sector is not only the government the necessary ammunition to win a major threat, it is also the ability of private institutions to large increases to deal effectively with threats.

privacy .???? keep the location technology white-hot-spot in one. The geolocation technology is the quintessential double-edged. On the one hand, and consumers the convenience of the innovative mobile services and applications using this technology. On the other hand, the reaction against surreptitious monitoring and publication are fast and strong. In fact, two federal bills in 2011, which introduced geolocational specifically with data protection. Its doubtful either becomes law in 2012, but we can expect to privacy advocates urge companies to opt-in to see or accept the submission of the consumer’s consent.

.???? and analysis of protocols will be more respect for his role in the incident preparedness and response. Security incidents have in sophistication and frequency of recent years greatly increased, and to receive one of the most effective forms of reaction to full operation of the network and key applications. While historically undervalued, logging provides essential information that can be used for the analysis of network activities and documentation of security incidents. As companies begin to see, the error in their ways, in 2012 they will begin to conduct formal risk assessments in order to seek places of safety less.

8 .???? Incident Response Team will get a permanent seat at the table when it comes to routine transactions. Emergency services have historically been on the staff throughout the organization to realize, to mobilize if and when security incidents. But to remain competitive in the market for companies today need to update the state plan for incident response teams daily operations. Effective Incident Response Team may be called a group of full-time employees as responders or incident of a team of consultants from outside (via a third party) is obliged to answer 24 / 7 support on.

9 .???? Companies neglect the most important vulnerabilities, such as regulatory compliance continues to drive organizational security measures. Lets face it official regulations remain the benchmark for the completeness of data privacy and security are measured. But with such a list mentality driving safety initiatives is dangerous, because a number of safety rules, data security controls. Certainly there are regulations, the need for encryption or developing a plan for responding to incidents of address, but only a few require a wide range of best-practice controls, such as updating antivirus software. How many violations occur because of safety deficiencies, we should expect that bodies offer specific guidelines for risk assessment and control of standard computer security.

10 .???? Violation notification laws to gain ground next to the United States. While the U.S. Congress is struggling to build consensus at the federal level to achieve mandatory reporting, internationally, the idea is on the rise. Germany began to have an infringement notice in all areas in 2010 and several other EU countries expressed interest in similar requirements. Meanwhile, Canada is also considering mandatory on the violation under the proposed amendments to PIPEDA to collect, how Canadian companies that use personal data and controls. Company with global presence should note
More releases Planning List