IT security, vulnerabilities, bugs, fixes, flaws, RSA conference and Infosec.
A blog from V3.co.uk


PCI compliance still lagging

New research shows data security is still not high enough on the list of priorities for many firms, with PCI compliance also being ignored.

The research, from app security firm Imperva, may seem a little of the "they would say that" variety, but nevertheless illuminates the attitudes of many multinational firms when it comes to protecting sensitive customer data.

It found that 71 per cent of firms still don't treat data security as a top strategic initiative, while 55 per cent said they only secure credit card information and not other sensitive information such as Social Security numbers, driver's license numbers, and bank account details.

Unsurprisingly, the report said companies taking a strategic approach to PCI compliance have fewer data breaches.

More interestingly, nearly two thirds of the firms surveyed said they don't have the resources to comply with PCI. Given that many of these are multinationals, that figure seems alarmingly high, and if true, would seem to indicate security teams need to work harder to communicate to the business the importance of compliance with the standard.

"Security departments are using PCI compliance as leverage to gain more budget, but these resources are not always translating into greater security for sensitive customer data," said Larry Ponemon, chairman and founder, Ponemon Institute.

"The results of our study indicate that while some companies have figured out how to convert PCI standards into an overall security mandate--many more have not."

September 23, 2009

Malware stays on machines for years

In another warning to PC users and IT security managers, new research from security vendor Trend Micro has found that malware lingers on devices much longer than previously thought - for months and sometimes years.

Previous estimates have said the average compromised machine remains infected for around six weeks, but now Trend is saying that many computers are infected or repeatedly infected for more than two years, with a median infection length of 300 days for some countries.

The security vendor analysed around 100 million compromised IPs and found that 80 per cent of all compromised machines have been infected for more than a month - with at least a quarter of these being business computers.

With malware becoming increasingly difficult to locate and remove, the message is clear for firms - ensure your systems are running comprehensive scanning and remediation tools alongside any anti-malware technology. Deflecting attacks is only part of the battle.

September 15, 2009

Snow Leopard ships with flawed Flash

Security experts are warning Mac users upgrading to the new Snow Leopard operating system that they could be exposed to threats they thought they had already patched against.

According to a new alert from security vendor Sophos issued this morning, the new version of Mac OS X downgrades users' version of Adobe Flash without asking permission - leaving their PCs exposed to a raft of potential attacks and exploits which the latest version of Flash was released to guard against.

Senior technology consultant at Sophos, Graham Cluley, urged Snow Leopard users to check that their version of Flash is the latest one - version 10.0.32.18 - and if not to upgrade immediately.

"This should be done as a matter of priority," argued Cluley in a blog posting.

"Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded. In many ways, Adobe is 'the new Microsoft' when it comes to security vulnerabilities, with hackers targeting its code looking for ways to infect users."

September 3, 2009


© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093