Access "Messaging security risks have upper hand on solutions"
This article is part of the November 2009 issue of How to implement a change management that works and reduces security risks
We posed this question to security experts: If leading email filtering products detect and block 95 percent to 99 percent of unwanted email messages, with few if any false positives, why can't we declare victory? The answer is simple: spam still pays. So do phishing scams and links in email messages to compromised websites. "The return on investment is still very high for a very low click-through rate," says Paul Ferguson, threat researcher for Trend Micro. "If [attackers] get one person to go to a discount pharmacy site, they've made their money back in spades." Messaging platforms remain a viable attack vector for hackers who primarily rely on botnets of hijacked PCs to flood the Internet with bogus messages. The messages ply on users with the same kinds of social engineering tactics attackers used in 2004, pushing suspect drugs and knock-off watches. However, rather than using executable email attachments, attackers are luring users to phishing sites or bogus sites, infecting users with malicious drive-by downloads. The implications for business are ... Access >>>
Premium Content for Free.
Messaging security risks have upper hand on solutions
Spam, phishing and infected attachments continue to plague messaging platforms, despite sophisticated protection. What's the answer?
Enterprises must treat Insider risk as they do external threats
Enterprises can no longer differentiate between insiders and external threats. That's such a 2003 paradigm.
- Messaging security risks have upper hand on solutions
Metasploit Project acquisition ups ante for penetration testing market
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from.
Integrated change management reduces security risks
by Diana Kelley and Ed Moyle
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it.
- Metasploit Project acquisition ups ante for penetration testing market
Time is now for pandemic flu planning
Safeguarding your organization against a H1N1 outbreak should be a top priority.
Schneier-Ranum Face-Off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the longterm viability of antivirus software.
Standards compliance does not equal sound information security risk management
The checklist approach to security is easy, but the result is poor security.
- Time is now for pandemic flu planning
More Premium Content Accessible For Free
Strategies for a successful data protection program
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
Devices, data and how enterprise mobile management reconciles the two
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
Putting security on auto-pilot: What works, what doesn't
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...