Stonesoft: Rethinking of IT security practices needed
(Thomson Reuters ONE) -
Paradigm shift raises red flag for corporate boards and top management
Helsinki, Finland - 22 June, 2011 - The network security company Stonesoft
encourages organizations to re-evaluate their existing risk management and
security architecture. Recent phenomena such as Wikileaks, Stuxnet, Advanced
Evasion Techniques and the RSA security breach have changed the security
landscape permanently and acted as wake-up calls at the strategic level as well.
Organizations should re-evaluate their existing risk management and security
architecture, for which the ultimate responsibility is held by top management
and the board of directors.
The year 2010 and the beginning of the year 2011 have changed the security
landscape permanently. Four different phenomena (Wikileaks, Stuxnet, Advanced
Evasion Techniques and the hacking of the SecurID source code) have shifted
the axioms of security thinking and acted as wake-up calls at the strategic
level as well. The recent series of severe cyberattacks further emphasizes the
need to take action. It even seems that the more valuable information an
organization possesses, the more likely it is to become the target of an attack.
Even on the board level, organizations should re-evaluate their existing risk
management and security architecture.
Wikileaks has been criticized for exposing classified information, harming
national security, compromising international diplomacy and lacking editorial
discretion. This has led to the need for organizations to consider whether they
can still afford to have business information and habits which, if disclosed to
the public, would harm or in the worst case even destroy their business. If an
organization's core information is something which cannot be revealed to the
public, it should be protected accordingly.
Stuxnet has shown that there are organizations and/or individuals who have the
resources and competence to make very advanced, targeted attacks against
organizations. Consequently, the claim that attacking certain networks is too
difficult or requires too many resources is no longer valid if you are
offering high rewards for cyber criminals and hackers.
Advanced Evasion Techniques (AETs) are a new species of evasion techniques that
can be altered or combined in any order to avoid detection by security systems.
A set of AETs works as a master key to highly protected places, and by using them
any malicious payload (new or old) can be delivered to targets. Advanced Evasion
Techniques put the functionality of organizations' data capital and systems at
risk, indicating that the security field has focused too much on the speed and
marketability of products while compromising the most important - real security.
With the discovery of AETs, organizations face the responsibility to re-evaluate
their security architecture to make sure their critical data and systems are
protected.
The RSA security breach has made it possible for cybercriminals to enter
security systems by creating duplicates of "SecurID" electronic keys from EMC
Corp's RSA security division. SecurIDs are widely used electronic keys designed
to thwart hackers who might use key-logging viruses to capture passwords by
constantly generating new passwords to enter the system. In March 2011, EMC
disclosed that hackers had broken into their network and stolen some SecurID-
related information that could be used to compromise the effectiveness of those
devices in securing customer networks.
Overview of recent security breaches
During 2010-2011, we have witnessed several severe security breaches:
* Nasdaq, 2010
  * Hackers repeatedly penetrated the computer network of the company
    that runs the Nasdaq Stock Market during the year 2010. The case poses
    two concerns for authorities: preserving the stability and reliability
    of computerized trading, and ensuring that investors have full faith in
    that system. Stock exchanges know they are frequently targets for
    hackers.
* RSA breach, March 2011
  * Hackers successfully infiltrated security firm RSA to steal information
    related to its two-factor authentication products.
* SONY hacked several times in 2011
  * The incident is the latest in a week-long string of hacks and breaches.
    The problems began on April 19, when the company began investigating and
    ultimately discovered a massive breach of security on its PlayStation
    Network, a cyber scandal that compromised the personal information of
    more than 100 million users.
* Comodo breach, March 2011
  * US digital certificate authority Comodo has admitted that two more of
    its Registration Authorities (RAs) have been hacked. The hacks appear to
    be separate from the so-called Iranian lone hacker incident earlier in
    the month when at least five accounts were compromised.
* Barracuda, April 2011
  * After several hours of automated probing, hackers found and exploited an
    SQL injection vulnerability at the Barracuda website to raid various
    databases and hijack the names and contact information of partners,
    customers and Barracuda employees.
* Lockheed Martin Corp, May 2011
  * Unknown hackers have broken into the security networks of the world's
    biggest defence contractor Lockheed Martin Corp.
* L-3 Communications, hacking attempt in 2011
  * Defence contractor L-3 Communications was targeted with penetration
    attacks aimed at acquiring confidential information. L-3 did not
    disclose any information regarding the success of the attack.
* Citibank, hacked in May 2011
  * The personal and account information of some 200,000 Citibank card
    holders in North America was breached, including contact specifics like
    names and email addresses.
* IMF hacked in June 2011
  * The International Monetary Fund, the intergovernmental group that
    oversees the global financial system and brings together 187 member
    nations, has become the latest known target of a significant cyber attack.
The common denominator of almost all of the organizations listed is the fact
that their network security systems operate at the highest levels of security
and integrity. These organizations have dedicated security teams with command
and control centers to manage and protect their networks against multiple
incident scenarios. Nevertheless, they have been hacked. It is likely that there
will be more of these kinds of events and that the security breaches will also
spread to less well protected areas as hacking tools continue to evolve and
become more commonly available.
"The threat landscape has changed permanently, and the design principles which
have been used to protect organizations' digital assets need to be re-evaluated.
IT security strategy is becoming an increasingly important area of risk management.
Top management need to have it on their agenda. Ignoring security and leaving
responsibility only on IT management's shoulders is a clear sign of poor
governance", said Ilkka Hiidenheimo, CEO of Stonesoft Corporation. "Even
corporate boards should participate to exercise oversight of management's
responsibilities and review the risk profile of the organization."
Contact:
For more information, please contact:
Ari Vänttinen
Vice President, Marketing
Stonesoft Corporation
Tel. +358 40 5959577
Email: ari.vanttinen(AT)stonesoft.com
About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of
integrated network security solutions to secure the information flow of
distributed organizations. Stonesoft customers include enterprises with growing
business needs requiring advanced network security and always-on business
connectivity.
StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSL
VPN blending network security, end-to-end availability and award-winning load
balancing into a unified and centrally managed system. The key benefits of the
StoneGate solution include low TCO, excellent price-performance ratio and high
ROI. The StoneGate Virtual Security Solutions protect the network and ensure
business continuity in both virtual and physical network environments.
StoneGate Management Center provides unified management for StoneGate Firewall
with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide
intelligent defense all over the enterprise network while StoneGate SSL VPN
provides enhanced security for mobile and remote use.
Founded in 1990, Stonesoft Corporation is a global company with corporate
headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia.
For more information, visit www.stonesoft.com, www.antievasion.com and the
corporate blog http://stoneblog.stonesoft.com.
This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.
Source: Stonesoft Oyj via Thomson Reuters ONE
[HUG#1535573]
Provided by user: hugin
Date: 02.08.2011 - 13:38





