The week in security: CSO confidence declining; endpoint security in “sorry state”

New figures suggested that scams are by far the most common type of cybercrime affecting Australians, while CIOs and CISOs faced a raft of other concerns as well – for example, new findings that 23 percent of documents shared via unauthorised 'shadow-IT' cloud apps are being made available to the public. Little wonder that, despite a surge in salaries for qualified candidates, cybersecurity professionals are less confident in their security infrastructure this year than last.

And how could they not be? With an Austrian aircraft part manufacturer revealing that a cyberattack cost it $US54m, the stakes have never been higher. A good defence, of course, requires a range of things – particularly including trust.

Even as a Linux vulnerability threatened easy breaches of Linux and Android devices – and was quickly fixed by Google – there were also concerns about cyberattacks on Ukrainian power companies, persistent backdoor vulnerabilities in AV equipment, and specialised industrial communications gateways that can be accessed with any password. The same weakness apparently holds for many general IT systems too, as a review of 2015's worst passwords revealed that perennial favourites 123456 and password are still far too common.

A scan of Cisco devices found that 92 percent contain at least one vulnerability, and the networking giant also fixed a few problems in its gear. The finding also lent weight to calls for the healthcare industry to adopt security principles around the use of medical devices; regulatory body the US Food and Drug Administration agrees.

Meanwhile, Intel fixed a vulnerability in a driver update utility and Oracle issued a record number of patches – 248. Intel also demonstrated its Intel Authenticate technology, designed to simplify the process of secure sign-ins.

A US casino sued security firm TrustWave over its claim to have “contained” a data breach, while Kaspersky and Bitdefender got the highest ratings from a testing firm. And FireEye, for its part, shelled out $US200 million to purchase threat-intelligence firm iSight Partners – which opened its first Australian office just months ago.

The US Congress is considering a commission to formally look into the growing debate over potential controls on encryption usage, while a security researcher warned that a British-government voice encryption protocol has been intentionally weakened to allow for snooping.

Also on the voice front, Skype began hiding users' IP addresses to protect from online trolls. And the Australian Taxation Office expanded its biometric voice-recognition platform to include mobile devices – which will access its growing database of more than 1.5m voice signatures.

Conversely, Facebook now allows traffic for its Android app to be run over the Tor anonymity network. This may boost security, but it's only one small victory for endpoint security that has overall been slammed by one security expert as being in a “sorry state”.

Also in a sorry state are online ads, with Google reporting that it blocked a record 780 million malicious ads in 2015. Amazon Web Services wants to boost overall security by issuing free digital certificates to users of its cloud services.


Copyright © 2016 IDG Communications, Inc.
