In part one of this two-part podcast, special guest Andrew Jaquith of Perimeter E-Security joins the SearchSecurity editorial team in exploring the highs and lows of 2011 for the security industry.
Mobile device platforms were built with security in mind, but in 2011 cybercriminals have had some success in bypassing security features on the Android platform, and Apple’s lack of transparency make the security of the iPhone a mystery.
In this wide ranging discussion, SearchSecurity editors and special guest Andrew Jaquith of Perimeter eSecurity, explore whether 2011 was a good year for the security industry or if the latest security incidents highlight many of the industry’s faults.
Smartphones and other mobile devices gained the most attention in 2011. Android malware, SMS text messaging scams and rogue applications shined a light on some of the weaknesses of mobile platforms. Several high-profile data breaches also cast a shadow on any gains organizations have made to defend against attacks. Epsilon, RSA SecurID and Sony experienced major data security breaches. Meanwhile, hacktivist groups, namely Anonymous and Lulzsec, wreaked havoc on the Internet, attacking websites and crippling them with denial-of-service attacks.
In part 1 of this podcast:
WIN — The RSA SecurID breach: While the immediate details left security experts asking a lot of questions, RSA clearly had a response plan in place for a serious breach. The company briefed its largest customers and kept close contact with government contractors that ultimately were targeted by attacks as a result of the breach. While two-factor authentication competitors attempted to gain new customers as a result of the SecurID breach, RSA appears to have maintained its strong customer base. Meanwhile, the Sony breach response was the antithesis of RSA. Sony seemed to have no breach response in place resulting in a network outage for nearly a month. The company has since rebounded, hiring Philip Reitinger, a former Department of Homeland Security official, to lead its security efforts as its CISO.
WIN-FAIL — Mobile platform security: Google Android and Apple iOS have been built from the ground up with security in mind, but it takes experienced software coders to take advantage of the security features offered by both Android and Apple. Unfortunately, a glutton of new software coders has resulted in poorly coded applications or mobile apps designed to tap into too many of the device’s features (SMS, GPS) causing privacy and security concerns. In 2011, the security industry has seen an explosion in Android Trojans, rogue applications had to be removed from Google’s marketplace, and while malware hasn’t really targeted apple devices, iPhone security vulnerabilities and Apple’s lack of transparency into its security processes have raised some doubts about iPhone security. Security experts say that over time the mobile platforms will mature and new developers will become better coders. Until then, look out for rogue applications and application vulnerabilities that leak data.
View Part 2 of Security Wins and Fails of 2011