2013/11/05

| 11.05.13 | IT security spending to climb over the next year, says survey

Editor's Corner:
Time to stand up and be counted

What's New:
1. IT security spending to climb over the next year, says survey
2. Cloud-based sandboxing beefs up enterprise malware prevention, says Seculert CTO
3. 2 data centers per continent will aid in data disaster recovery, says Gartner
4. Chinese group hacks into Canadian bank's website database
5. Mobile device access to enterprise data fuels demand for VDI

Spotlight:
Massive spike in reconnaissance activity, warns Cisco

Also Noted:
Hackers take limo service firm for a ride; Cloud-based storage without the cloud; Much more...

News From The Fierce Network:
1. Get used to multi-vendor mobility management, says report
2. Mamma mia! Windows Phone overtakes iOS in Italy
3. Satellite providers Inmarsat, ORBCOMM team on M2M alliance

FierceITSecurity

November 5, 2013


Editor's Corner

Time to stand up and be counted

By Fred Donovan

The National Institute of Standards and Technology plans to hold its last workshop next week for private industry to provide feedback on its cybersecurity framework for critical infrastructure.

The workshop, which will be held Nov. 14 to 15 at North Carolina State University, will focus on the draft framework released last week.

NIST began this journey back in February, when President Obama signed an executive order on cybersecurity, directing the agency to develop a voluntary framework to protect privately owned critical infrastructure.

The order was a retreat for the president, who put forward a broad cybersecurity legislative proposal in 2011, which failed to pass Congress in 2012.

That proposal would have given the Department of Homeland Security authority to conduct risk assessments of private sector networks and modify industry-developed security standards for critical infrastructure firms.

Obama's legislative proposal became, after much amendment, the Senate's Cybersecurity Act of 2012. The legislation faced stiff opposition from Senate Republicans, as well as from U.S. private sector groups, most notably the U.S. Chamber of Commerce.

Senate Democratic leaders tried to bring the bill up for a vote on the Senate floor on a number of occasions but failed to secure enough support to hold a vote.

While far from perfect, the NIST framework is a viable compromise between the government-mandate approach taken by the Obama administration in its legislative proposal and the hands-off approach favored by many congressional Republicans.

NIST has gone out of its way to get private sector input for the cybersecurity framework, holding three workshops so far this year.

NIST is looking for feedback on a range of network security issues, including enterprises' risk management practices, encryption, asset management and security engineering.

The agency expects to have a final document ready early next year. I encourage the private sector to attend the workshop next week and participate fully in the process of developing NIST's cybersecurity framework. It will serve not only as a security guideline for critical infrastructure firms, but also as a security model for all industries. - Fred


What's New

1. IT security spending to climb over the next year, says survey

By Fred Donovan

IT security spending is expected to increase over the next year, according to a survey of 900 IT leaders by IT staffing firm TEKsystems.

IT security was ranked third in terms of IT spending priority, behind mobile and cloud; spending on storage ranked fourth and business intelligence and big data ranked fifth.

Overall, 62 percent of IT leaders polled said they expect an increase in their organization's IT budget, up from only 48 percent in last year's survey.

In terms of having the biggest IT impact on the enterprise, security ranked second, behind business intelligence and big data in the top position. Mobile, cloud and virtualization rounded out the top five in terms of impact on the enterprise.

In addition, a full 81 percent of IT leaders expect an increase in IT salaries, up from 55 percent last year. Of those, 71 percent expected a salary hike of up to 5 percent.

The IT jobs where at least 60 percent of IT leaders expect salary increases are programmers and developers, software engineers, project managers, architects, security, business analysts, mobile, and business intelligence and big data.

"In comparison to last year, IT leaders have significantly shifted their outlooks to be positive overall in IT budget allocations as well as their expectations for hiring and salary increases. Most interesting is that there seems to be greater demand for the core skill sets of programming and application development and software engineering. IT leaders indicate exceptional talent has become harder to find in these areas and have adjusted their salary strategies accordingly," says TEKsystems Research Manager Jason Hayman.

For more:
- see TEKsystems' release


2. Cloud-based sandboxing beefs up enterprise malware prevention, says Seculert CTO

By Fred Donovan

Cloud-based sandboxing can overcome some of the limitations of on-premise sandboxing appliances, argues Aviv Raff, chief technology officer at cloud-based security firm Seculert, in a Security Week article.

Limitations of on-premise sandboxing appliances, which test suspicious executables for malware, include trouble with stopping targeted attacks and thwarting attacks against less common desktop environments, Raff argues.

Raff, who obviously has an interest in promoting a cloud-based solution, cited a number of reasons why cloud-based sandboxes provide better protection than on-premise products.

First, cloud-based sandboxes are scalable and track malware over hours or days "to build robust malware profiles of targeted threats (such as the one that used a fake Mandiant APT1 report), or to uncover 'Time Bomb' attacks that need to be simulated with custom times and dates (such as Shamoon)," he says.

In addition, cloud-based sandboxes can provide malware protection in multiple locations. "For example, attackers often target offices that are located in a different region than where the on-premise sandbox is running (typically the enterprise's headquarters). As such, the attacker will not respond to the malware since it communicates from a different region. However, cloud-based sandboxes avoid this by allowing the malware to run from different locations worldwide," Raff argues.

Raff cautions that even cloud-based sandboxing will not prevent all targeted attacks. He recommends that enterprises combine sandboxing with botnet interception, traffic log analysis and security appliances "to create a comprehensive network security system."

For more:
- read the Security Week article



3. 2 data centers per continent will aid in data disaster recovery, says Gartner

By Fred Donovan

Research firm Gartner is advising multinational enterprises to maintain two data centers per continent of major business activity to improve disaster recovery and operational efficiency.

More than two data centers increase costs--often hundreds of millions of dollars--and complexity unnecessarily, while fewer than two undermines disaster recovery plans, notes Gartner.

"The twin data center topology provides many benefits, such as allowing for an adequate level of disaster recovery. This can be through an active/active configuration where each data center splits the production and development work and can fail over the load of the other site in the event of a disaster," explains Rakesh Kumar, research vice president at Gartner.

"However, this presupposes a synchronous copy of data and, so, a physical separation of about 60 to 100 miles. This may be too risky for certain industries, such as banking and government security, and so a third site may be required," he adds.

With more than two data centers, the enterprise has trouble responding to business changes, and IT has trouble managing the many data centers.

"It's a fact that most global organizations run too many data centers in too many countries. This is normally the result of business expansion, either organically or through acquisition over many years," says Kumar.

"While the logic of business growth makes sense, having too many data centers results in excessive capital and operational costs, an overly complex architecture and, in many cases, a lack of business-IT agility," he adds.

For more:
- see Gartner's release



4. Chinese group hacks into Canadian bank's website database

By Fred Donovan

Canadian bank Peoples Trust is sending out letters to customers notifying them of a breach of a website database by a Chinese hacker group.

According to a copy of the letter obtained by DataBreaches.net, the bank hired a forensic investigator to determine the nature of a "possible intrusion" of a database used to collect online application information. The investigator determined that the database was indeed compromised by a Chinese group.

The personal information accessed by the Chinese group includes customer name, address, telephone number, email address, date of birth and social insurance number.

The bank stressed that the database is "totally separate from our banking systems so no banking information, such as balances, account numbers, logins or passwords could be obtained. As a precautionary measure, we immediately removed all data from this area and enhanced identification procedures and daily processes in our Deposit Services area to monitor for unusual activity pending a full investigation. To date we have seen no suspicious activity," the letter reads.

The bank said it informed the police and Canada's Privacy Commissioner about the breach, as well as two Canadian credit bureaus.

"To mitigate the risk, Peoples Trust has arranged for a flag to be placed on your credit file which will alert companies accessing your credit information that your data may have been compromised and that lenders should take additional steps to verify your identity before transacting further. The notation will stay on your credit file for a period of 6 years unless you choose to have it removed," the bank related.

The DataBreaches.net report did not indicate how many customers received the letter.

For more:
- see the Peoples Trust letter



5. Mobile device access to enterprise data fuels demand for VDI

By Fred Donovan

The U.S. virtual desktop infrastructure market is forecast by TechNavio to increase at an 8.5 percent compound annual growth rate over the next five years, fueled in part by the need for secure access to enterprise data by mobile devices.

Leading VDI vendors in the space are Citrix Systems, Microsoft, Oracle, and VMware, according to TechNavio. Other vendors include Desktone, MokaFive, Quest Software, Red Hat and Unidesk.

"There is a rapid increase in the access of enterprise data and application by end-users using smartphones, tablets, and other handheld devices. Virtual desktop infrastructure images are being stored in the data centers and accessed over the cloud infrastructure, which is decreasing the operational costs considerably," observes the TechNavio research team that prepared the report.

"Further, with the cloud-based virtual desktop solutions finding increasing adoption, there are many applications being supported on the cloud which are being accessed over the virtual desktop infrastructure solutions," the team adds.

Using VDI products, enterprises and end users are able to access the applications and data securely from any location using their mobile devices. The data is not downloaded onto the mobile device, so there is no risk of corporate data loss if the device is lost or stolen.

At the same time, enterprises are concerned about the "huge capital expenditure" required for restructuring the enterprise network to support the virtualized applications and services. Enterprises are required to buy the virtualization software and supporting applications required to deploy the applications for their employees.

For more:
- see the TechNavio release



Also Noted

TODAY'S SPOTLIGHT... Massive spike in reconnaissance activity, warns Cisco

On Saturday there was a massive spike in TCP source port zero traffic, which is a port that should not be used, explains Craig Williams, technical leader of threat research at Cisco's security intelligence operations. Williams advises Cisco customers who see port zero activity on their network to consider the traffic suspicious and conduct an investigation into the source. "Generally speaking port zero traffic can be indicative of a possible reconnaissance attack, and maybe a precursor to more serious penetration attempts. Additionally this traffic can be an attempt to identify network security devices," he writes in a blog.
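An added illustration, not part of the newsletter or of Cisco's blog post: one way to act on the advice above is to pull TCP packets with source port zero out of a capture and rank the senders by how many distinct targets they touched. The sample lines are constructed in `tcpdump -nn` text format, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text format; addresses are documentation ranges.
SAMPLE = """\
10:15:01.000001 IP 203.0.113.7.0 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:15:01.000150 IP 203.0.113.7.0 > 192.0.2.11.443: Flags [S], seq 2, win 1024, length 0
10:15:01.000300 IP 203.0.113.7.0 > 192.0.2.12.22: Flags [S], seq 3, win 1024, length 0
10:15:02.100000 IP 198.51.100.23.51544 > 192.0.2.10.443: Flags [S], seq 9, win 64240, length 0
10:15:02.200000 IP 192.0.2.10.443 > 198.51.100.23.51544: Flags [S.], seq 4, ack 10, win 65535, length 0
10:15:03.000000 IP 198.51.100.99.0 > 192.0.2.10.0: Flags [S], seq 5, win 512, length 0
10:15:04.000000 IP 198.51.100.23.53 > 192.0.2.53.53: 4242+ A? example.com. (29)
"""

# tcpdump appends the port to the IPv4 address as a fifth dotted field.
# Only TCP lines carry "Flags [...]", so the UDP/DNS line above never matches.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \["
)


def port_zero_sources(text):
    """Map each source IP that sent TCP from port 0 to its packet count and targets."""
    hits = defaultdict(lambda: {"packets": 0, "targets": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or int(m["sport"]) != 0:
            continue  # not TCP, not parseable, or an ordinary source port
        entry = hits[m["src"]]
        entry["packets"] += 1
        entry["targets"].add((m["dst"], int(m["dport"])))
    return dict(hits)


def triage(text):
    """Rank port-zero senders: most distinct (host, port) targets first."""
    rows = [(src, e["packets"], len(e["targets"]))
            for src, e in port_zero_sources(text).items()]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for src, packets, targets in triage(SAMPLE):
        print(f"{src}: {packets} packets from port 0, {targets} distinct targets")
```

A sender that hits many distinct host and port pairs from port zero in a short window is the one to investigate first; a single stray packet ranks lower but is still recorded.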

> Google's Schmidt expresses anger over NSA spying allegations. Article (eWeek)
> Hackers take limo service firm for a ride. Blog (KrebsOnSecurity)
> File sync and sharing: Users won't give it up. Article (InformationWeek)
> Google finally hides passwords from snoopers in new builds of Chromium. Article (Ars Technica)
> 6 tech giants appeal for more transparency regarding NSA requests. Article (Infosecurity Magazine)

And Finally… Cloud-based storage without the cloud. Article (Wired)

©2013 FierceMarkets

Editor: Fred Donovan. VP sales and business development: Jack Fordi. Publisher: Ron Lichtinger.