The week in security: When corporate 'security' just isn't

Following on from the hack of analyst firm Stratfor in December, Wikileaks has published more than five million emails from the group – painting in stark clarity just what can happen if you don't take your security seriously enough. And while CIOs should consider their risk culture and are expected to boost security spending in 2012, it's crucial to make sure your company's site is secure before you try to implement anti-distributed denial of service (DDoS) systems, one group warned.

Also, feeling the pain of overexposure is Carrier IQ, which was embroiled in scandal when its mobile-snooping software was called out but now hopes the value of its data will bring customers back. And Fixmo, which specialises in high-security applications, has designed software that can turn off applications running on compromised iOS and Android based mobile devices. On a similar note, the US FCC has floated the question of whether it's ever appropriate to shut down an entire mobile network to ensure public safety.

Reflecting the growing awareness of mobile security issues and the need for a "new privacy", the Cloud Security Alliance launched an innovation program designed to spur collaborative thinking around improving mobile security. They'd better think fast, because malware authors, Lulzsec and myriad others are getting smarter every day as they figure out new ways to avoid detection. They're also using DNS as a command-and-control channel to sneak past corporate security protections.

Mobile security was one of many themes at the RSA 2012 conference, where security bods variously argued for better cloud security, debuted an initiative by Good Technology to bring RSA SecurID functionality to smartphones, and warned that information security is a fast track to career stress and burnout.

No wonder, what with constant new hacks causing headaches; Microsoft was certainly feeling that way after its Indian operation warned customer credit card details may have been compromised after its online store was recently hacked. Some argue that legal liability is the only way to convince companies to secure themselves, whilst others continue to put their money on the security market's continuous evolution.

Mobile peak body the GSMA published a set of guidelines for giving users more control over how their information is accessed – information that could, if new legislation isn't stopped, be stored and analysed by ISPs in an effort to fight child pornography.

As if that weren't enough, the US government saw a new cybersecurity bill introduced. And other legislation may be sliding into place in the European Union, which (like the government of Japan) warned Google's new privacy policy breaches European privacy laws and may, in separate news, criminalise the process of "probing" a website to determine if it has vulnerabilities.

This could be particularly contentious given the corporate world's push to invest in "big data" systems that offer great business rewards but come with high risks as they become targets for data-minded hackers and social engineers. Worryingly, new statistics suggested that more than half of organisations take "months or years" to even notice they've been hacked; imagine how much damage can be done in that time and you've got an idea why the hackers seem to be doing very well for themselves of late. That's because they are.

Copyright © 2012 IDG Communications, Inc.