Network World’s recent article written by Sean Martin cites cybercriminals chilling strides in shortcuts to critical infrastructures. The sub-title says it best” “We know bad things can happen but we are not doing enough about it.” The article describes trends, attack scenarios plus key weaknesses, one being improperly managed account rights. Viewfinity CEO Leonid Shtilman warns that "most organizations are victims of 'privilege creep,' the situation where privileges are locked down initially by IT and are then increased little by little over time."

Read the full NetworkWorld article.

Attend this webinar on June 6^th to learn what you can do to combat Privilege Creep  http://goo.gl/9abNQ 

Below is a reposting of Network World’s article on survey results conducted by ESG on security professionals working at U.S. based enterprise organizations.  Security professionals were asked if APTS had caused their organizations to purchase and deploy new information security technologies and about 40% are doing so.

What's interesting is the types of investments they are making in order to protect sensitive data. For example:

* 54% of organizations that purchased new tools as a result of APTs are investing in data encryption technologies
* 43% of organizations that purchased new tools as a result of APTs are investing in database security technologies
* 35% of organizations that purchased new tools as a result of APTs are investing in DLP
* 31% of organizations that purchased new tools as a result of APTs are investing in new types of user authentication or access controls

Since the ultimate goal of APT attacks is data exfiltration, bolstering data security controls makes sense. A few other observations here:

1. I've been anticipating a steep increase in data encryption for a while and I think this is finally happening. Henceforth, data will increasingly be encrypted at the network, storage, file system, database, and application layer. Managing all of this encryption and associated certificate and key management is the next challenge.

2. Database security is often ignored but it seems like APTs have become a wake-up call. IBM tells me that its database security services and products (aka Guardium) are selling well. McAfee bought Sentrigo to take advantage of this trend. With continued growth in this area, Application Security, Inc. should be the next vendor to be gobbled up by a big guy like Check Point, HP, or Symantec.

3. Both McAfee and Symantec tell me that their DLP business is also red hot. RSA just made an announcement in this area as well. Likely that APTs along with the rise of mobile computing will continue to keep DLP sales momentum going.

4. While it’s good to see that 31% of organizations are investing in Identity and Access Management (IAM) this is a complex and often-ignored area. Security and business executives need to understand who has access to sensitive data, why these people need access, how often they access sensitive data, and what they do with the data once they access it. This is a very difficult thing to do but it starts with strong authentication, the principle of least privileges, and constant monitoring.