
2014/06/03

| 06.03.14 | You can add poor IT security to the list of VA woes


What's New:
1. You can add poor IT security to the list of the VA's woes
2. Paris Hilton hacker gets 4 years for hacking into law enforcement systems
3. Bitcoin's decentralization allows companies to crowdsource security testing
4. Infographic: Same cybersecurity worries plague CIOs across the Pond
5. Firms look to cloud-based, consolidated security in face of product proliferation

Spotlight:
Russian hacker charged with running $100M data theft ring

Also Noted:
Avoiding security disasters; IBM patents anti fraud tech; Much more...

News From The Fierce Network:
1. An always-connected workforce? Absolutely, in moderation, say employees
2. Mobile apps siphon off reams of data through excessive permissions
3. Humans trusted autonomous car too fast, says Google

FierceITSecurity

June 3, 2014


This week's sponsor is HP.

 

Cyber Risk
The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat landscape. It provides information you need to effectively plan your cyber security strategy and deploy your defenses. The summary concludes that security is about an integrated, systematic approach that includes both protective and reactive measures. Read it to learn more.



Events

> Gartner Security & Risk Management Summit 2014 - June 23-26, 2014 - National Harbor, MD

Marketplace

> Whitepaper: Delight & Engage Customers with Mobile APIs
> eBook: eBrief | Best Practices in Mobile Application and Management Delivery
> Whitepaper: APIs Drive Opportunity Explosion
> Whitepaper: Supporting VDIs and Thin Clients
> Whitepaper: Four Ways to Improve IT Efficiency


eBook | Critical Infrastructure and Cybersecurity

Critical infrastructure industries vary in the sophistication of their digital defenses. In this FierceITSecurity eBook, industry experts discuss how to stay ahead of cyber security threats and maximize their defensive efforts. Download this eBook today.

What's New

1. You can add poor IT security to the list of the VA's woes

By Fred Donovan

Long wait times that may have resulted in patient deaths and poor management at the Department of Veterans Affairs led last week to the resignation of VA Secretary Eric Shinseki. And now, a new report by the VA's Office of the Inspector General says that IT security can be added to the list of the VA's problems.

The VA has not fixed 6,000 system security risks identified in previous audits conducted under the Federal Information Security Management Act, according to an audit [pdf] conducted by public accounting firm CliftonLarsonAllen for the VA's Office of Inspector General.

The audit identified continuing IT security deficiencies "related to access controls, configuration management controls, continuous monitoring controls, and service continuity practices designed to protect mission-critical systems."

The report noted: "Weaknesses in access and configuration management controls resulted from VA not fully implementing security control standards on all servers and network devices. VA also has not effectively implemented procedures to identify and remediate system security vulnerabilities on network devices, database and server platforms, and Web applications VA-wide."

CliftonLarsonAllen makes 30 recommendations to improve the VA's information security, most of which were made in previous FISMA audits and have yet to be implemented. Among the recommendations, the accounting firm advises the VA to implement an agency-wide risk management system, beef up its password-policy enforcement, and set up policies for securely accessing data remotely.

For more:
- check out the audit [pdf]

Related Articles:
A tale of two office suites
Big data project analyzes veteran suicide risks
Most PCs without encryption software at Veterans Affairs




IPS MQ
The 2013 Gartner Magic Quadrant for Next-Generation Intrusion Prevention System (NGIPS) has been published and HP TippingPoint is in the Leaders Quadrant for nine consecutive years. Gartner evaluates vendors in a Magic Quadrant on two main dimensions: completeness of vision and ability to execute on that vision. HP TippingPoint continues its strong leadership on both dimensions, driving its placement as the most visionary. Download the report and learn about HP TippingPoint's strengths.


2. Paris Hilton hacker gets 4 years for hacking into law enforcement systems

By Fred Donovan

Cameron Lacroix, a hacker who hacked into Paris Hilton's cellphone 10 years ago and disclosed racy photos of the socialite, has pleaded guilty to charges that he conducted a recent hacking spree that included breaching law enforcement networks around the country, Ars Technica reports.

Lacroix, a resident of New Bedford, Mass., pleaded guilty to two counts of computer intrusion and one count of access device fraud, according to documents filed in a Boston federal court. He faces four years in prison and three years of supervised release.

As part of his hacking spree, which began in May 2011, Lacroix hacked into the networks of a local Massachusetts police department and published an email account of the department's chief of police, the report relates. He is also accused of breaching the defense of other law enforcement computer servers hosting sensitive data, including police reports, arrest warrants and sex offender information.

The New Bedford hacker also breached the servers at Bristol Community College in order to change his grades and those of two other students by stealing the instructors' login credentials.

Back in 2007, then-Washington Post reporter (now security blogger) Brian Krebs reported that Lacroix was one of a number of hackers who hacked into Hilton's cell phone and published racy images of the reality TV star and socialite. Lacroix, who was a juvenile at the time, pleaded guilty to the hack and served time in a Massachusetts juvenile detention facility.

For more:
- read the Ars Technica article
- see Krebs' report

Related Articles:
Hackers in chains: 13 of the biggest US prison sentences for electronic crime
Carder forum participant gets 20-year sentence under RICO act
Hackers scour Windows 7 patches for clues to XP flaws



3. Bitcoin's decentralization allows companies to crowdsource security testing

By Robert Bartley

Decentralization is an old idea, but its recent inclusion as a key tenet for virtual currencies, such as Bitcoin, has changed the way people think about their businesses.

CrowdCurity, which serves many Bitcoin-based clients, has modeled the idea of decentralization and crowdsourcing to create a marketplace that helps find and fix vulnerabilities a company could potentially face on an international scale.

The company lets its customers hold their own "public vulnerability reward programs," popularized by firms like Google, Facebook and Microsoft, according to its website. In the past, these types of contests were only affordable to large conglomerates, but CrowdCurity wants to make them available to the average company.

The company's clients "are getting a solution that actually mirrors the threat; hackers are global so a business should have a global security testing team," said Esben Friis-Jensen, one of three co-founders of CrowdCurity, to Payments Source. "If you're centralizing the work and making it locally-based, it won't be as efficient and creative; you won't get the coverage you need to solve the security problem."

Through its network of white hat hackers, CrowdCurity allows website administrators to harness the collected power of the abuses they face on a daily basis from actual malevolent forces. However, the white hat hackers only point out potential exploits and receive payment if they are verified.

The flexibility of Bitcoin allows the company to do business with white hat experts all over the world, and 80 percent of the rewards doled out through CrowdCurity are in cryptocurrency form, according to Payments Source.

For more:
- here's the CrowdCurity website
- here's the Payments Source article

Related Articles:
Mt. Gox 'Willy' accounts artificially inflated bitcoin, gamed markets
Bitcoin mining malware hidden in Google Play apps
Heartbleed underscores need for open source bug bounties



4. Infographic: Same cybersecurity worries plague CIOs across the Pond

By Fred Donovan

Chief information officers at U.K. enterprises are facing similar IT security challenges to their counterparts in the United States.  

Cybersecurity is uppermost in the minds of U.K. CIOs and chief technology officers. In fact, close to half of 100 CIOs and CTOs surveyed by Robert Half Technology say that the number of security incidents detected at their firms has increased over the past year.

Respondents to the Robert Half survey identified the top ten security threats to their organizations. In order, they are network security, email (phishing and social engineering), viruses and malware, physical security, e-crime and fraud, insider threats, data leakage, competitor threats (industrial espionage), privileged user abuse and social media.

Unfortunately, only one-third of respondents are very confident that their IT teams have the skills to manage cybersecurity threats, and a similar percentage says that cybersecurity is not a priority for their senior management.

Robert Half has put together an infographic summarizing the results of its U.K. CIO and CTO survey. Click here for the full-size infographic.

Related Articles:
CIOs, CISOs have "very little influence" in cyber insurance purchase decisions, says survey
Secure access to data, apps is most pressing IT objective for CIOs at European utilities



5. Firms look to cloud-based, consolidated security in face of product proliferation

By Fred Donovan

Faced with a proliferation of security products on the market, enterprises are increasingly looking for cloud-based, consolidated security products to reduce the time and cost of securing their networks.

This is fueling demand for unified threat management products, notes market research firm TechNavio, which predicts that the UTM market will increase at a 16.5 percent compound annual growth rate through 2018.

UTM products integrate security technologies such as firewalls, virtual private networks, intrusion detection and prevention systems, anti-malware and antivirus products, IP security, web filtering, anti-spam, application controls, load balancing and data loss prevention.

"The consolidation of security technologies such as firewalls, intrusion prevention, and web filtering addresses multiple security attack vectors by cyber criminals. It also means that a single company can be made responsible for all the support and transaction activities relating to network security, thereby streamlining security processes and offering major cost-savings for enterprises," says Faisal Ghaus, vice president of TechNavio. 

The increasing shift toward cloud-based UTM is making installation and upgrades easier, and reducing costs. In addition, cloud-based products can provide signature-independent scanning, explains Ghaus.

Major vendors in the UTM market are Check Point, Cisco, Fortinet, Juniper Networks, Dell SonicWALL, Sophos and WatchGuard Technologies.

For more:
- check out TechNavio's release

Related Articles:
Demand for unified threat management appliances on the rise, says IDC
Cisco, Check Point, Fortinet top growing security appliance market, says IDC
Microsoft leads growing SaaS content security market, says Infonetics



Also Noted

This week's sponsor is Gartner.

Gartner Security & Risk Management Summit
June 23 - 26, 2014, National Harbor, MD

Discover five programs covering IT security, risk and compliance, BCM, the CISO and the marketplace for security, so you can validate your strategy against the full spectrum of security and risk initiatives. Save $300 with code GARTFSI. To register, visit gartner.com/us/securityrisk.


TODAY'S SPOTLIGHT... Russian hacker charged with running $100M data theft ring

Russian hacker Evgeniy Mikhailovich Bogachev has been charged with running a criminal ring responsible for the Gameover Zeus and Cryptolocker ransomware, according to documents unsealed Monday in a Pittsburgh federal court, Bloomberg reports. The ring is responsible for stealing more than $100 million from businesses and consumers since 2011, the U.S. Justice Department charges. Despite the indictments, Bogachev remains at large.

> Avoiding IT security disasters (TechRepublic)
> IBM patents anti-fraud tech for the cloud (IBM)
> Data security is easier than you think, says NHS officer (Computer Weekly)
> Healthcare vs. retail (InformationWeek)

And Finally... Target, on the defense (NYT)


Marketplace

> Whitepaper: Delight & Engage Customers with Mobile APIs

Read this success story and learn how a robust API and secure API Management powered Keep’s iOS app to become one of the most popular apps in the Lifestyle category in the iTunes App Store.

> eBook: eBrief | Best Practices in Mobile Application and Management Delivery

Your organization knows that mobile productivity is important, and it may have already started down the road toward Mobile Device Management (MDM) and Mobile Application Management (MAM). But have you developed a holistic view of application management and delivery -- and its impact on the business? Download this free eBrief to learn about best practices for your mobile deployment.

> Whitepaper: APIs Drive Opportunity Explosion

Argos took bold, transformative measures to respond to market disruption from competitors selling online in addition to the move by grocers into non-food product ranges. Learn how APIs paired with a secure API Management solution can enable a digital transformation by delivering content and purchasing capabilities to customers anywhere at any time. Download Today!

> Whitepaper: Supporting VDIs and Thin Clients

Companies have already begun deploying VDIs and thin clients (like Google's Chromebook) on a massive scale. The low-cost, easily deployed workstations present a significant cost savings for companies, but require unique tools to support them. This whitepaper, written by Proxy Networks, outlines the best way to do that. Download now.

> Whitepaper: Four Ways to Improve IT Efficiency

The role of the help desk within businesses has expanded considerably over the last decade, becoming an integral piece of the overall corporate strategy. In this whitepaper, Proxy Networks outlines the best way to align your IT department with that strategy in order to improve overall departmental efficiency. Download now.


©2014 FierceMarkets, a division of Questex Media Group LLC.

Contact Us

Editor: Fred Donovan. VP sales and business development: Jack Fordi. Publisher: Ron Lichtinger.
