InfoSec Philippines

Information Security, Technology News and Opinions

Archive for February, 2010

Annual Security Reports, Part 3

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 11, 2010

PWC Global state of information security survey
Survey by CIO Magazine, CSO Magazine and PwC

Structure is as follows:

I. Spending: A decline in growth rate – but a manifestly reluctant one
Finding #1
The economic downturn has shaken up the normal roster of leading drivers of information security spending—and very nearly jumped to the top of the list.

Finding #2
Not surprisingly, security spending is under pressure. Most executives are eyeing strategies to cancel, defer or downsize
security-related initiatives.

Finding #3
Yet far fewer executives are actually “cutting security back”. And among the half or less that are taking action, most are taking the
least dramatic response.

II. Impacts of the downturn: Rising pressure amid evidence of gains
Finding #4
Although given a reprieve, of sorts, from the budget knife, the information security function is under pressure to “perform”.

Finding #5
After years of “thinking differently”, business and IT leaders may be starting to think like each other.

Finding #6
Companies have made strong advances in several critical arenas over the last 12 months including strategy, assessment and
compliance as well as people and organization.

III. New trends: What this year’s decision-makers are focusing on
Finding #7
After years in the limelight, protecting data elements is now a top priority—arguably—at the most critical time.

Finding #8
Companies are beginning to focus acutely on the risks associated with social networking.

Finding #9
While IT asset virtualization is a growing priority, only one out of every two respondents believes that it improves information security.

IV. Global shifts: South America steps out – while China takes the lead
Finding #10
With more mature security practices than any other regions of the world, North America eases up on investment—unlike Asia, which
relentlessly presses ahead.

Finding #11
South America achieves major, double-digit advances in security practices—bypassing Europe at a breathless clip.

Finding #12
As China muscles its way through the economic downturn, its security capabilities have stepped nimbly ahead of India’s—in a
dramatic shift from last year’s trend—and, in the same one-year sweep, ahead of those in the US and most of the world.

Download the full report here.

Sophos Security Threat Report 2010

Structure is as follows:

Social media
– Battle lines are drawn
– Why businesses are concerned
– Koobface
– The Mikeyy Mooney worms
– Also a “localized” problem
– Emerging vectors for social networking attacks
– How to mitigate the risk

Data loss and encryption
– Data leaks lead to broken businesses
– Preventing data loss

Web threats
– The web remains the biggest vehicle for malware
– Fake AV and SEO malware stir up trouble
– Reducing web risks

Email threats
– Email malware is far from dead

– How spam spreads
– IM and social networking spam
– Other forms of spam

Malware trends
– Malware: A money-making machine
– Adobe Reader is a key malware target
– Conficker worm gains notoriety in 2009
– Other malware vehicles

Windows 7
– New platforms, new challenges
– Windows 7 security features

Apple Macs
– Soft but significant targets

Mobile devices
– BlackBerry malware
– iPhone malware
– Google Android, Palm Pre and Nokia Maemo

– The cybercrime economy
– Partnerka: Criminal affiliate networks
– Timeline of cybercrime incidents, arrests and sentencings in 2009

Cyberwar and cyberterror
– Government involvement in cyberwar in 2009

The future: What does 2010 hold?


Download the full report here.


Posted in Annual Security Reports | Leave a Comment »