I recently hosted a Websense customer round-table discussion with 20 CSOs from top U.S. companies. We swapped war stories, hashed out the security challenges they face every day and they shared how they’ve been successful. These CSOs work in a variety of industries, including federal, finance and healthcare. Recently, there have been a number of highly public targeted attacks, which led to a lengthy discussion on spear-phishing. I found their insights very valuable and I wanted to share some key points...
When we were looking at putting out our Websense Security Labs predictions for 2012, we knew that mobile threats were going to be big this year. While we included one prediction on it, there was one piece that I had thought of, but didn’t include. It’s still a ways away, but Paul Henry has an excellent write up on “QR Codes – Leading Lambs To the Slaughter.”
He correctly points out that these “ultimate url-obfuscators” can be a serious threat down the line.
It’s a good reminder that any applications on workforce mobile devices need to be properly sandboxed from the operating system. We’ve already noted in Websense Security Labs research that there are challenges with certain platforms and there are a number of mobile malware variants, including Trojans on handhelds.
It’s interesting to think about QR codes as threats continue to evolve in the mobile landscape. What’s funny is as I was writing this, our Security Labs researchers discovered QR codes being used in a new way – through a spam campaign.
What do you think about QR codes?
Recently, I was speaking with a CSO of a major corporation and the topic of how much money is made with cybercrime came up. Now, many of us talk about the proliferation of easily monetizable cybercrime, but because it is an invisible enemy, some people have trouble understanding the threat. I wanted to quickly share with you a great article that should be required reading for everyone in IT security: http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1
The story covers the evolution of the small town of Râmnicu Vâlcea, Romania and how it went from having “a decades-old chemical plant and a modest tourism industry” to become what the article calls “Cybercrime Central.”
Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada, that have better cyber reputations.
It's a little surprising to me as well. Previously, Canada was a place of great beer and hockey (next year, Habs!). But Websense recently conducted an analysis of Canada’s cyber security risk profile, and all trends pointed to Canada as the new launchpad for cybercriminals. For example:
Jump in Hosted Phishing Sites – Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 percent in the last year. This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting crimeware.
Increase in Bot Networks – Cyber criminals are moving their command and control centers to safer grounds. In the past eight months, Canada saw a 53 percent increase in bot networks. In fact, Canada scored the second highest for hosting bot networks, when compared to the U.S., France, Germany and China.
Malicious Websites – We’re seeing a trend of malicious websites decline across the board. However, Canada’s decline is tremendously slower, when compared to the countries listed above.
Overall Increase in Cyber Crime – In Websense’s most recent Threat Report, Canada is #6 in the world for hosting cyber crime. And, this number continues to rise.
How many letters have you received? You know what I’m talking about. Let’s talk data breaches. Let’s avoid the hype of the headlines and some of the sensationalism of the media coverage. And look at a few facts from recent episodes to see if we can identify the root issue at the heart of the breaches.
I’ve already posted a first glance look at the Epsilon breach, but, let’s talk about this in a little more detail. There are three critical elements that need to be addressed here.
1. The business imperatives that led to this episode
2. Why most organizations aren’t currently equipped to prevent such breaches
3. What companies need to do to protect themselves from third-party breaches
The parade of large data breaches just came knocking on my front door. Or more accurately, in my home email. I received *three* almost identical messages from three different companies that told me in almost identical language that my name and email address had been leaked and, “you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.” Epsilon, an online marketing firm with a huge portfolio of diverse clients, lost a huge amount of customer data. In volume, it might be the largest breach in history.
At little risk of overstatement, let us rephrase the warning: “Don’t feel safe just because they only got your name and email and not your social. Make no mistake about it, you are about to become the target of a spear phishing attack.” For the uninitiated, spear phishing attacks take advantage of trusted relationships. You expect emails from these trusted companies, so you are less suspicious, less vigilant, and more likely to fall for a scam. Think you are too savvy? This is exactly how RSA just lost their valuable data—by an executive clicking on an email with a link to a web site that looked like it was from a known vendor.