Pratum Blog

A recent study by Osterman Research for Centrify found that 15% of respondents said their responsibility to protect employer data on their mobile device was “minimal to none”.

If this is shocking to you, it shouldn’t be. The report also says users only think about security a few times per year. I’ve said in the past that many organizations have rushed into BYOD programs. Mobile devices are taking over our computing environment. Mobile security is increasingly important. So is securing the data instead of the device.

BYOD programs have a significant impact on how an organization complies with HIPAA, PCI, FISMA and other regulatory environments. Has your organization implemented a mobile BYOD program? Do you have a strong mobile security program in place? What would you do if 15% of your employees said they didn’t care about the security of your cash? Would that worry you?

According to the 2014 Verizon Data Breach Investigation Report, 35% of all breaches reported last year involved hacked web applications. That’s up 14% from the past three-year period. Web applications are the biggest target for a security breach. They are constantly being updated. A security breach is more likely to occur in a web application because of the complexity of the system and the short development cycles we’re using today. Penetration testing is crucial for ensuring your web application is not hacked. Any major release, and any release that modifies session handling, encryption, authentication or similar functions, should have penetration testing completed before moving to production. The stats don’t lie. Web applications are being hacked, resulting in security breaches that cost organizations millions every year.

The 2014 Verizon Data Breach Investigation Report shows that espionage is the fastest-growing motive for cybercrime. Financial motives have declined over the same period at about the same rate. I’d argue that espionage is ultimately linked to financial motives. Whether corporate or government, espionage is about having political, military or trade power. Money is inextricably linked to all three. Hacker groups are being formed by governments and organized cybercrime syndicates across the globe. They are well funded and have clear targets. Information security is going to become the next “theater” in which we fight wars. Are you ready?
