IBM Takes Top Spot in Leadership Study

If you're looking to develop good leaders in your IT organization, consider using IBM as your model.

In Fortune magazine’s latest study of organizational leadership around the world, IBM placed first among 470 global companies “committed to building leadership capabilities within their organizations.” According to Big Blue, “An expert panel of independent judges selected and ranked winners based on criteria including strength of leadership practices and culture, examples of leader development on a global scale, impact of leadership in communities in which companies operate, business performance, and company reputation.”

Posted by Jim Powell


Traditional Security Safeguards Insufficient, New Study Finds

Results from a new application delivery networking survey took stock of the effects of complex network attacks on enterprises and the security measures they're taking to guard against them. It's always been a race between IT security admins and hackers, but the survey results are startling. One-third (36 percent) reported that their firewalls had failed under the load of denial-of-service (DoS) attacks at the application layer, 42 percent had a DoS-related firewall failure at the network layer, and all 1,000 large corporations (spread among 10 countries) reported losses from cyber attacks within the last year at an average cost of $682,000.

Posted by Jim Powell


Will Dell be the Beneficiary of HP’s PC Blunders?

Hewlett-Packard is staying in the PC game after all.

On Thursday, HP issued a press release saying the company “completed its evaluation of strategic alternatives for its Personal Systems Group (PSG) and has decided the unit will remain part of the company.” Though not technically a flip-flop or Netflix-style fiasco, HP’s announcement makes me wonder about the management skills of the company’s board of directors.

Posted by Jim Powell


2012 Budget, Salary Projections Revealed by Society for Information Management Survey

With organizations beginning to focus on their 2012 budgets, findings from a survey by the Society for Information Management (SIM) are timely indeed.

In last year’s survey of CIOs, “business productivity and cost reduction” was at the top of the list of concerns. This year, that dropped to fourth place. In the lead: “IT and business alignment,” followed by “business agility and speed to market” and “business process management and reengineering.”


How to Ensure Your E-commerce Site is Ready for the Holiday Rush

Recently, Apica, a load testing and performance-monitoring provider for both cloud and mobile applications, released its top 10 tips for ensuring your e-commerce site is ready for the holiday shopping season. I found several of the tips interesting and asked the author and Apica’s CEO, Sven Hammar, for more details.

Posted by Jim Powell


McAfee Survey Shows Disconnect between Security Perceptions, Reality

Results of a new survey show a “serious disconnect between security perceptions and reality among IT Enterprise security managers,” according to survey sponsor McAfee.

The 2011 Data Center Security Survey, conducted by Gabriel Consulting Group (GCG), looked at security issues among 147 enterprise data center managers. Most respondents (60 percent) say that their organization’s management believes “security is stronger than it actually is,” and just under a quarter (22 percent) believe management knows about their company’s actual security preparedness.

Posted by Jim Powell


IBM Declares 2011 "Year of the Security Breach"

If you're wondering when malware will become a real problem for mobile devices, your wait is over. So says Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force.

In IBM's new X-Force 2011 Mid-Year Trend and Risk Report, Big Blue predicts that by the end of 2011, the number of exploits will be double what it was in 2010. A key target: mobile devices.

The X-Force team says many mobile phone vendors don't issue security updates quickly enough. Mobile devices are an increasingly popular target simply because of the incredible size of the market, and the team notes that mobile computing threats are enabled, in part, through malware distributed using third-party app sites. Some of this malware collects users’ personal information, which can be used for identity theft or for phishing attacks. Other malware can spy on users' personal communications or track physical movements using GPS features built into their devices.

Speaking of phishing, the report uses a term new to me -- whaling -- to describe "a type of spear phishing which targets 'big fish' or those positioned in high levels of an organization with access to critical data." Forget sending messages to everyone hoping to play the law of averages to be successful. Whaling attacks are "often launched after careful study of a person's online profiles" that give attackers the information they need to be successful. Through a combination of "stealth, sophisticated technical capabilities, and careful planning," teams of professional hackers are collecting the information they need to access critical network resources.

There are some bright spots in the X-Force report. For instance, in the first half of this year, Web application vulnerabilities dropped from 49 percent of all vulnerability disclosures to just 37 percent -- a first in the five years the team has been tracking such data. Also encouraging: "High and critical vulnerabilities in Web browsers were also at their lowest point since 2007" and spam volume has declined "significantly" through the first half of this year. To no one's surprise, when botnet operators are stopped, the number of spam messages drops and phishing attacks decline.

The biggest source of spam has moved to the Asia Pacific region; India accounts for 10 percent of all spam, with South Korea and Indonesia making it into the top five as well. That explains why IBM has opened a new IBM Institute for Advanced Security in the region (joining existing Institutes in Brussels, Belgium and Washington, D.C.).

Financial gain is a key driver, but increasingly attacks are done for political reasons. The X-Force team says "hacktivist" groups are using well-known techniques such as SQL injection against Web sites. Also highlighted in the report: a tripling in the number of anonymous proxies in the last three years.

What isn't new: some of the techniques hackers use. For example, attacks on weak passwords are still a popular approach, as are SQL injection attacks. Exploitation of JavaScript is still successful; of the nearly 700 Fortune 500 and other company Web sites IBM tested, 40 percent contain client-side JavaScript vulnerabilities.

The report warns that "Although we understand how to defend against many of these attacks on a technical level, organizations don't always have the cross-company operational practices in place to protect themselves."

As the "eyes and ears of thousands of IBM clients", the X-Force team gathers security intelligence using public disclosures and its own monitoring of 12 billion daily security events. The full report is available at no cost here (though a short registration is required).

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell


Social Engineering Strikes Almost Half of Enterprises, Survey Shows

A new global survey of more than 850 IT and security professionals from Check Point Software Technologies Ltd. (a company specializing in Internet security) found that almost half (48 percent) of enterprises it questioned have suffered from vulnerabilities that exploit social engineering -- and suffered more than once. Those surveyed said they had experienced 25 or more attacks over the last two years, at a cost of between $25,000 and $100,000 per security incident.

Posted by Jim Powell