Golden opportunity to tame application privileges

Windows XP migration is a once-in-a-generation opportunity.

What is it about Windows XP that has made getting rid of an obsolete operating system so difficult? On the face of it, it should be no contest; XP is inherently less secure than its successors, will no longer receive essential updates, cybercriminals target it more often, and it doesn’t even support the latest secure applications. These factors add up to higher support costs and risk.

Posted in Windows 7, Windows Migration

How Windows XP’s End of Support Translates into a Window of Opportunity

The lead-up to Windows XP’s expiration is causing a frenzy among the many businesses that are still running on the retiring operating system. Recent statistics show that XP still represents more than 30 percent of market share; unfortunately, the infection rate is six times higher than that of Windows 8 and two times higher than that of Windows 7. This means that every day that passes once Windows XP support expires will bring new risks to businesses that haven’t upgraded. As a result, we’re increasingly seeing IT departments starting or completing their migrations to Windows 7 in order to prevent huge customer support costs and minimize their attack vectors and risks of downtime.

Posted in Least Privilege, Windows Migration

What can we learn from the latest data breaches?

The simple elevation of user and application privileges lies at the heart of many breaches

We must hope that January’s huge data breach at Target will be a turning point in the history of data breaches. For the first time, businesses are starting to ask difficult questions – might the fact that one of the US retail sector’s most respected retailers can be breached with such ease not be telling us that something is profoundly wrong with enterprise security?

Posted in Cyber Threats, Databreach

5 Reasons to Keep Admin Rights off your PC

There are many reasons why it’s a good idea to run without admin rights, but for a recent webinar by Avecto, I narrowed it down to my top 5 reasons why it’s important to do so.
You can hear more about these on the on-demand webinar and see real examples of ethical hacking, where I show you some actual scenarios of vulnerabilities in the Windows OS.

Posted in Desktop Security

The simple way to mitigate over 90% of Critical Microsoft Vulnerabilities

Unconvinced about the importance of removing user admin rights? Read on for some compelling reasons why user privileges should be at the top of your security agenda in 2014.

Posted in Vulnerabilities

5 reasons to love least privilege security

IT security doesn’t often get much love, from end users or system administrators. So in this post, I’m going to give you 5 reasons why you should embrace least privilege security with open arms on Valentine’s Day.

Posted in Least Privilege

Microsoft extends limited security support for Windows XP – but is this enough?

Microsoft has announced that it will continue to provide updates to its anti-malware signatures and engine for Windows XP users until July 14th, 2015. But what does this really mean?

The end of support for the operating system as a whole is April 8th, 2014, and this extended security service isn’t enough to keep organizations secure.

Posted in Windows Migration

Data breaches multiply: Something is badly wrong, but what?

Target’s breach tells us the world still isn’t fixed.

The list of world-famous firms humbled by data breaches since 2007 makes sobering reading: Heartland, TK Maxx, the Sony PlayStation Network, Evernote, and now retailer Target are among a long list that have ended up with their expensively-tended brand names etched into data security history for the wrong reasons.

Posted in Cyber Threats

What’s new in PCI 3.0?

Following the launch of PCI DSS 3.0 in January, I’ve been faced with questions from many businesses about changes they should implement within the next year to remain or become compliant with the updated mandate.

Posted in Regulatory Compliance

Using least privilege to achieve compliance: The dual benefit

What do the guidelines of PCI DSS, FDCC, SOX and HIPAA have in common? These mandates, in addition to other commonly implemented regulations, either explicitly demand or at least suggest the use of least privilege security to effectively safeguard data. In terms of compliance, this methodology has a dual benefit – not only does it satisfy auditors, but it will also protect against security breaches that could result in destructive data loss.

Posted in Regulatory Compliance