14 Bad Habits IT Leaders Should Break Now

by Carla Rudder

14 Bad Habits IT Leaders Should Break Now

May 10, 2016

 

At a time when moving faster is the mantra of every IT organization, bad habits can slow or even inhibit a CIO’s success. IT leaders and their teams are increasingly relied upon as technology continues to move to the center of all business decisions. With all eyes on IT to lead their organizations through digital transformation, there’s no time like the present to identify the hangups that may be standing in your way.

We asked IT leaders to share their thoughts on the worst habits in IT, and they came up with this list. Is your IT organization guilty of any of the below?

(Original Article)

Devices Spawn An Internet Of Evil Things Say Global InfoSec Execs

Oh great. The world’s internet security professionals are increasingly worried about what they are calling the Internet of Evil Things.

These concerns stem from the risks posed by connected Internet of Things (IoT) devices — a problem which is set to grow, even as resources and visibility into such connected devices have stagnated, according to a new survey.

The study of the views of more than 400 global IT security professionals, called “The Internet of Evil Things: Top Connected Device Threats 2016” by InfoSec outfit Pwnie Express shows that even as awareness of vulnerable devices grows in 2016, information security (InfoSec) professionals are not ready or equipped to manage the consequences.

The Connected Device Problem

According to the study, an overwhelming majority (86 per cent) of InfoSec professionals are concerned with connected device threats, with 50 per cent either “Very” or “Extremely” concerned.

Their fears have risen sharply in the last 12 months, with 67 per cent more worried about connected device threats than they were a year ago.

Perhaps most troubling is what is driving their concerns — first-hand experience. More than half (55 per cent) have witnessed an attack via wireless device, and 38 per cent have witnessed an attack via mobile device, according to the study’s authors.

Blame is also sheeted home to the proliferation of wireless and mobile devices and the prevalence of BYOD and BYOx environments. In fact, more than a third of those surveyed said they didn’t know even how many devices were connected to their networks.

(Original Article)

Information security professionals may not be prepared for IoT after all

Risk and concern surrounding the Internet of Things (IoT) continues to grow, while related security resources and visibility into connected devices stagnates, according to new research sponsored by Pwnie Express, the wireless threat detection solutions provider.

As a result, even with awareness of vulnerable devices at an all time high, information security professionals are not ready or equipped to address the growing threat of the IoT, the research suggests.

According to the report, today, 86% of information security professionals are concerned about connected device threats, with 50% either ‘very’ or ‘extremely concerned’.

Furthermore, the majority (67%) are more worried about connected device threats than they were a year ago, with first- hand experience driving heightened concern – 55% have witnessed an attack via wireless device, and 38% have witnessed an attack via mobile device.

(Original Article)

Study argues InfoSec workers not able to deal with IoT enterprise security concerns

Good news and bad news: information security professionals are becoming more aware of the risks presented by the proliferation of endpoints through the Internet of Things (IoT), but they are struggling to prepare to address the growing threat.

That is the verdict from a new piece of research from Pwnie Express. In a report entitled ‘The Internet of Evil Things’, which polled more than 400 global IT security professionals, the researchers argued Coolpad devices were the more frequently vulnerable mobile hotspot, while HP printers were considered a particularly dangerous backdoor.

Pwnie Express CEO Paul Paget said: “As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organisation’s most sensitive information – and this has understandably put information security professionals on edge. Yet, despite ever-growing concerns around the proliferation of connected devices on and around their networks, more than one-third of organisations admit to having no BYOD policy in place at all and only 24% actually have a budget in place for BYOD security technology.

“This tells us that security professionals desperately need help educating the corner office and those in charge of the purse strings about the new evils and dangers their organisations face in our ever-evolving IoT world,” he added.

(Original Article)

Threat geography: Why certain kinds of cyberattacks come from certain places

Everyone is everywhere

Finally, while these broad trends are important to keep in mind, it’s just as important to not let them blind you to the diverse array of threats coming from all directions. “It’s dangerous to fall into threat categorizations, as not all bots are from Russia, and not all Chinese are after US military secrets,” says Jayson Street, InfoSec Ranger from Pwnie Express. “Security professionals make themselves vulnerable to attacks when they don’t investigate the possibility of that 419 being from Kansas or Paraguay. The internet has no borders, boundaries or categories. Attackers are global, profit-driven individuals. While you may physically know your neighbors and border countries, on the internet you’re just a number. Attackers don’t see region or nationality; they see IP addresses, and profitable possibilities.”

(Original Article)

Listen to the Security Shark Tank Pwnie Express Spotlight Podcast Now!

Company Description:

Pwnie Express provides threat detection for the billions of wireless and wired devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers.

Areas of focus:

BYOD

Internet of Things Security

Describe the business challenge your solution addresses:

The ability to visualize, fingerprint, and analyze the behavior of devices on your network is critical for threat detection, BYOD policy enforcement, remote vulnerability assessment, resource inventory management, bandwidth optimization and more. Pwnie Express’s Pwn Pulse provides real-time, automatic detection of all wireless and wired devices in your workspaces.

(Original Article)

The Risk of Open WiFi on Display at RSA

VIDEO: Once again the RSA Conference decided to use unencrypted WiFi, and once again it’s time to (re)learn why that’s a bad idea.

SAN FRANCISCO–Security experts from around the globe descended on the Moscone Center here this week for the annual RSA Conference, which provided free WiFi throughout the sessions and exhibit halls. While the WiFi has been generally available, there has been one key problem with it–it’s unencrypted.

(Original Article)

Internet of Evil Things Report

The team at PWNIE Express have just released their Internet of Evil Things Report for 2016. The report is a sobering discussion as to how badly behind we are in attempting to resolve the Infosec puzzle.

While we have made gains in traditional infosec management and monitoring, there is still a vast area of connectivity we have failed to address. If your interested in INFOSEC, run a network or are just curious as to what the next areas of security concern are, head along to their website and register for the report. Its worth the read.

(Original Article)

Why You Should Build Your Network Like a Submarine (RSA 2016)

“We’ve talked about the architecture like walls. We’ve always tried to be like castles and moats. And I don’t care how big you build the wall. I don’t care how wide that moat is. I don’t care if it’s on fire with flame retardant crocodiles. It’s just not going to work anymore, because they’re (the hackers) paratrooping in,” said Jayson E. Street (@jaysonstreet), Infosec Ranger, Pwnie Express, in our conversation at the 2016 RSA Conference in San Francisco.

We need to worry about creating a submarine-like infrastructure, explained Street, who pointed out that submarines were built to be ‘breached’ (take hits). But those breaches/hits can be compartmentalized and repaired, thus allowing the rest of the submarine to survive.

That’s how we have to build our networks, advised Street. If there is a breach in one section, it can be isolated and managed, preventing the whole company from toppling down.

“We can’t live in a world where we’re stopping breaches anymore. It’s so hard to stop a breach,” added Street.

(Original Article)