Trustwave Reveals Increase in Cyber Attacks Targeting Retailers, Mobile Devices and E-Commerce
2013 Trustwave Global Security Report Highlights Data Breach and Security Trends

CHICAGO, IL -- (Marketwire) -- 02/13/13 -- Trustwave, a leading provider of cloud-based compliance and information security solutions, today unveiled key results from the 2013 Trustwave Global Security Report. The report highlights details and trends from more than 450 global data breach investigations, more than 2,500 penetration tests, more than nine million Web application attacks, more than two million network and vulnerability scans, more than five million malicious websites, more than 20 billion e-mails as well as extensive research and analysis of zero-day security threats. All of the information is Trustwave's own data collected and analyzed by Trustwave security experts -- not surveys. Throughout 2012, Trustwave tested, analyzed and discovered the top vulnerabilities and threats that have the most potential to negatively impact multi-national corporations, merchants and government entities.

This year's findings revealed the retail industry is now the top target for cyber-criminals. For the first time, the retail industry made up 45 percent of Trustwave data breach investigations (a 15 percent increase from 2011) with e-commerce attacks emerging as a growing trend surpassing the amount of point-of-sales attacks. Additionally, mobile malware increased 400 percent, with malware found on Android devices growing from 50,000 to more than 200,000 samples. The report also revealed that out of three million user passwords analyzed, 50 percent of business users are still using easily-guessed passwords -- the most common being "Password1" because it often meets the minimum standard for acceptable passwords. The findings indicated that in 2012, nearly every industry, country and type of data was involved in a breach of some kind with cyber-security threats increasing as quickly as businesses can implement measures against them.

"Cyber-criminals will never stop trying to compromise systems to obtain valuable information such as customer and private user data, corporate trade secrets and payment card information," said Robert J. McCullen, Chairman, Chief Executive Officer and President of Trustwave. "This year's Global Security Report pulls back the curtain revealing how breaches happen and how potential victims around the world can protect themselves so that they stay one step ahead and eliminate potential security threats. After reading this report, businesses and government agencies will be one step closer to building a comprehensive security strategy to reduce risk, protect data and safeguard their reputation."

Other Key Report Findings

  • Applications emerged as the most popular attack vector. E-commerce sites were the number one targeted asset accounting for 48 percent of all investigations.
  • 64 percent of organizations attacked took more than 90 days to detect an intrusion with the average time for detection being 210 days -- 35 days longer than in 2011; 5 percent took more than three years to identify the criminal activity. Most victim organizations still rely on third parties, customers, law enforcement or a regulatory body to notify them a breach has occurred -- a worldwide security problem.
  • Employees leave the door open to further attacks. Whether due to lack of education or policy enforcement, employees pick weak passwords, click on phishing links and share company information on social and public platforms.
  • Attacks were discovered in 29 different countries. The largest percentage, 34.4 percent, originated in Romania.
  • Spam volume shrank in 2012 but still represents 75.2 percent of a typical organization's inbound e-mail, and roughly 10 percent of spam messages are malicious.
  • Businesses seem to be rapidly adopting an outsourced, third-party information technology operations model. 63 percent of investigations revealed that a third party responsible for system support, development or maintenance introduced security deficiencies easily exploited by hackers.
  • The two most noteworthy methods of intrusion, SQL injection and remote access, made up 73 percent of the infiltration methods used by criminals in 2012.
  • Out of the 450 cases investigated in 2012, about 40 variations of malware were found. Trustwave attributed the 40 unique types of malware to six criminal groups. Three criminal teams caused the majority of payment of service credit card breaches. Russia and the U.S. are the largest contributors when it comes to malware attacks making up 39.4 percent and 19.7 percent of hosted malware, respectively.

"Businesses should take a step back and re-evaluate their security posture," added McCullen. "All developers, particularly in the e-commerce industry, should implement a full lifecycle security plan that includes thoroughly educating themselves and their employees, equipping themselves with the best tools to protect themselves against attacks and making sure they are using the most reliable resources for zero day detection."

Top Security Recommendations for 2013

To improve security posture, Trustwave recommends six focus areas for organizations in 2013:

  • Educate employees. Employees are the first line of defense against attackers. Organizations should conduct security awareness training on a regular basis for all existing and new employees.
  • Identify Users. Every user-initiated action should be tagged to a specific person, whether in a physical or digital environment. Every year, a significant number of data breaches occur as the result of an attacker obtaining access to a user's account.
  • Register Assets. With the increase of bring-your-own-device (BYOD), it is more important than ever to have a complete inventory or registry of valid devices. A device should never be allowed access to a controlled environment unless it's registered and known. In addition, the patch levels and vulnerabilities should be assessed on a regular basis not only to work to improve the security of those in the environment but also to understand what risks exist when issues can't be resolved in the short term.
  • Protect Data. Attacks are more sophisticated than ever, and keeping cybercriminals out requires a multi-faceted approach. Businesses should implement a "more than technology" approach to security that includes team training and education, secure code review, and periodic penetration and vulnerability testing for e-commerce Web applications, as well as a data lifecycle methodology that governs data from creation to destruction. They should also create resiliency in systems by layering proven technologies such as a powerful secure Web gateway and a Web application firewall that can be deployed to improve protection and performance of business-critical applications, with virtual patching capabilities that combat threats in real-time.
  • Unify Activity Logs. Most businesses today treat physical and information security controls separately. Badge systems, HR records, and even loss prevention are not typically tied to the same team that monitors firewalls, intrusion detection and other security technology. Businesses should employ technology like security information and event management (SIEM) to take over the processing of these logs.
  • Visualize Events. The ultimate goal for organizations should be to develop an environment in which security threats are discovered innately -- by both responsible security professionals and others in the organization. Security event visualization allows businesses to identify patterns, emerging vulnerabilities and attacks, and respond quickly and decisively across the organization when an attack does occur. Using the right data sources, advanced SIEM analytics, and data modeling, security event visualization prepares businesses to effectively mitigate current and future threats.

"There is no 'if' you will be attacked, only 'when' which is why it is crucial for organizations to follow security best practices and recommendations," said Chris Christiansen, Program Vice President Security Products and Services, IDC. "Cyber-attacks are increasing with little sign of abatement. Every business contains valuable information about themselves and/or their partners, channels, suppliers, and customers. By learning from other people's experiences and considering the suggestions outlined in this report, enterprises can build stronger and more responsive security programs that protect their businesses, employees, partners, suppliers, and customers."

The 2013 Trustwave Global Security Report will be available to the public prior to the RSA Conference in San Francisco, February 25. Sign up to receive a complimentary digital copy of the report when it becomes generally available here: https://www.trustwave.com/2013GSR

About Trustwave
Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper® portal and other proprietary security solutions. Trustwave has helped hundreds of thousands of organizations -- ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers -- manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide. For more information, visit https://www.trustwave.com.

Follow Trustwave on Twitter at www.twitter.com/Trustwave, on Facebook at www.facebook.com/Trustwave, and on LinkedIn at www.linkedin.com/companies/Trustwave. All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

MEDIA CONTACT:
Abby Ross
Trustwave
+1 312 873-7648
aross@trustwave.com

About Marketwired .
Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Enterprise Open Source Magazine Latest Stories . . .
DevOps Summit at Cloud Expo 2014 Silicon Valley was a terrific event for us. The Qubell booth was crowded on all three days. We ran demos every 30 minutes with folks lining up to get a seat and usually standing around. It was great to meet and talk to over 500 people! My keynote was we...
The OpenNebula Project has just announced the Beta release of vOneCloud, a CentOS Linux virtual appliance for vSphere that contains all required OpenNebula services optimized to work on existing VMware vCenter deployments. vOneCloud is for companies that want to create a self-service c...
Code-named “Fox Fur”, the twenty-third release of OpenNebula is available today with complete support to build clouds on existing VMware environments. OpenNebula 4.10 seamlessly integrates vCenter virtualized infrastructures leveraging the advanced features such as vMotion, HA or DRS s...
Let’s say we developed an application and plan to move our app to production on Amazon Elastic Cloud (EC2). Our application, in the form of a webapp, was developed using eclipse and we have tested it on Tomcat running locally. Now, we may want to test our app on an EC2 environment befo...
"Our premise is Docker is not enough. That's not a bad thing - we actually love Docker. At ActiveState all our products are based on open source technology and Docker is an up-and-coming piece of open source technology," explained Bart Copeland, President & CEO of ActiveState Software,...
This past week the Appcore team got the opportunity to attend one of the industry’s leading cloud events, Cloud Expo in Santa Clara, CA. We spent a lot of time interacting with attendees at the exhibit portion of the event. As a software company with a sole commitment to CloudStack, we...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021




SYS-CON Featured Whitepapers
ADS BY GOOGLE