Companies shouldn't be afraid of proactively probing their systems for security vulnerabilities, argues Jerry Thompson of Identity Guard. "[N]o system is foolproof, and weaknesses and loopholes that can be patched ahead of time and continually monitored for suspicious activity are a company's first and best stronghold across an ever-widening threat landscape," he writes.
A major attack on US critical infrastructure is possible, and the US and private entities that own much of this infrastructure aren't prepared, argues Air Force Lt. Col. Michael Myers. Cyberinsurance is one component of preparation, but it needs to be accompanied by government backups of components such as transformers, Myers writes.
Most business leaders don't fully understand or follow news-making data breaches, a CA Veracode survey has found. That means security officials need to show how such attacks are possible in their organizations and explain what that would mean for executives, writes Chris Wysopal.
To properly secure networks, higher-education IT professionals should track down "zombie" machines still in operation and check the security of printers and other unsecured devices, says Curt Carver, vice president and chief information officer at The University of Alabama at Birmingham. IT leaders must proactively address vulnerabilities and work to educate those on campus about security, experts suggest.
Research company Kromtech says it discovered unsecured customer records this month on a server from a defunct FedEx acquisition. "We have found no indication that any information has been misappropriated and will continue our investigation," says Jim McCluskey of FedEx.