xAssets Industry Information Resource
Links to Useful Articles Relating to Asset Management and Cloud Computing

Industry Resource - May 2017


An Obscure App Flaw Creates Backdoors In Millions of Smartphones

University of Michigan researchers have identified hundreds of Google Play apps that create an unexpected cyber-vulnerability. They turn a phone into a server, allowing users to connect to that phone directly from their PC, in the same way that they would to a web site or an internet service. However, many of these apps leave insecure ports open on the smartphones. The existence of the open port enables attackers to steal personal data or photos, or to install malware. An open port is a proven way for a hacker to gain a foothold in an individual's or company's devices.
Click here to read more

Annual Verizon Security Report Says Sloppiness Causes Most Data Breaches

Verizon's most recent DBIR (Data Breach Investigations Report) revealed that over fifty percent of the data breaches involved malware. Nearly three out of four of the breaches were financially motivated, and were tracked back to outside actors. Verizon's report indicated that email was the top malware delivery mechanism. This is a change from 2016, when the top malware delivery system was web drive-by-download attacks. The study included over 1,900 confirmed data breaches and over 42,000 security incidents across 84 countries. The data was compiled from 65 sources, including Verizon's own team and U.S. law enforcement groups. The report defines data breaches as intrusions where data is confirmed to have been exposed to an unauthorized party. Security incidents are defined as security events that compromised "the integrity, confidentiality, or availability" of data.
Click here to read more

FAST Calls on SAM Specialists to Start Whistle Blowing

The Federation Against Software Theft (FAST) is encouraging SAM consultants to report their employers if they use unlicensed software. Software Asset Management specialists work with customers to reconcile their litigation. FAST's goal is to convince SAM consultants to report those cases where users continue to refuse to true-up licenses with software in use.
The software industry group offers an Incentive Payment Agreement, whereby it rewards whistleblowers with a percentage of the net damages discovered through an audit initiated through their actions.
Click here to read more

Software-as-a-Service is Eating Your Business

Recent research indicates that three quarters of large enterprises now consider software-as-a-service essential to their operations. However, the shift to SaaS didn't happen overnight. When terms such as SaaS and the cloud started showing up in the press, traditional users were unsure why they would pay for something they wouldn't directly operate or license. Alex Theuma, editor of SaaScribe, attributed this attitude to larger incumbents dragging their heels. Theuma noted that, "This was a big behavioral shift. When SaaS was a new category there was originally resistance from the majority. Companies like Salesforce had to do a lot of education around why subscriptions were a much better model for everybody involved."
Click here to read more

Intel Chip Flaw Allows Hackers to Hijack Thousands of PCs

Intel recently disclosed that a security flaw that dates back almost a decade could enable hackers to hijack thousands of users' computers. The bug allows hackers to access a computer's mouse and keyboard, and gives them full access to the PC's files. The vulnerability allows cyber criminals to install computer viruses even if the computer is turned off. Exploiting the flaw also allows hackers to bypass the security on the AMT port, which is commonly used to remotely access computers to provide support and install software.
Click here to read more

Hackers Are Reusing Free Online Tools As Part Of Their Cyberespionage Campaigns

Cyber-attackers are repurposing freeware tools to steal information, using techniques such as keylogging, file stealing, and password and cookie theft. To date their efforts have been focused on government agencies. This new form of cyberattack enables hackers to steal data by using readily available software tools, without deploying advanced malware. Hackers are using legitimate recovery tools because they are inexpensive, readily available, proven to be functional and don't possess distinctive elements that would allow the origin of the threat to be traced.
Click here to read more

67% of Security Teams Say Insiders Top Data Security Threat

Corporate IT organizations need to be able to monitor who is able to access sensitive information. Serious data security threats have been attributed to both insiders and malicious third parties. Many IT groups work with trusted vendors or business associates; however, failing to manage, control, and monitor their access to sensitive data could lead to a data breach. The recent 2017 Secure Access Threat Report found that over sixty percent of surveyed security professionals believe that a breach originating from an insider is their greatest security threat. The report collected information from over 600 IT professionals in numerous industries, who worked in Operations, IT Support/Helpdesk, IT Security or Network/General IT roles.
Click here to read more

New IoT Malware Targets 100,000 IP Cameras via Known Flaw

Tens of thousands of internet-connected cameras can be infected by an IoT malware that's spread through vulnerabilities in the products. The Persirai malware has been infecting Chinese-made wireless cameras since April of 2017. The malware exploits flaws in the cameras that were identified in March. The vulnerabilities enable an attacker to remotely execute code on the cameras, hijacking them for other purposes such as denial of service attacks.
Click here to read more

Microsoft Fixes Remote Hacking Flaw in Windows Malware Protection Engine

Microsoft released an update for the malware scanning engine included with its Windows security products. The update fixes a critical vulnerability that allows attackers to hack computers. According to Microsoft, the vulnerability can be triggered when the Microsoft Malware Protection Engine scans a specially crafted file. The Malware Protection Engine is used by Windows Defender, the malware scanner preinstalled on Windows 7 and by other Microsoft consumer and enterprise security products. According to one description of this vulnerability, the mere presence of a specially crafted file in any form could trigger the exploitation. These file types include unopened email attachments, unfinished downloads and temporary internet files cached by the browser.
Click here to read more

How to Safely Secure IoT Devices

The Internet of Things (IoT) can be a powerful business tool; however, as the use of IoT-connected devices grows and becomes more common, so do the risks. Gartner forecasts the number of IoT-connected devices will increase over 30 percent in 2017 over 2016 numbers, reaching over 20 billion devices by 2020. Adding IoT devices to a network can obviate some core security features. One way to ensure the security of the network is to know what IoT devices are connected. Before adding any device to the network, the company should be aware of the security measures required to ensure the devices don't jeopardize security. Companies should develop and maintain a database of IoT devices in use, their locations, the type of data they generate, what they control, and the networks they use to communicate. A good IT asset discovery solution can help meet these goals.
Click here to read more

Three Out Of Five Businesses 'Expect To Be Breached This Year'

A recent study found that sixty percent of businesses surveyed expect to experience a data breach in 2017. Approximately half of the 600 senior IT decision-makers polled reported a breach in 2016. Over thirty percent of the surveyed firms said they suffered two or more breaches in the last 12 months. Worse, almost a third said they probably would not have known if they were breached. The average cost of a data breach at a major company was $4m in 2016.
Nearly fifty percent of the survey respondents said they were concerned about knowing who has access to what across their corporate network. Eighty percent of respondents considered having strong identity governance a key component of their corporate security program.
Click here to read more

Newly Discovered Vulnerability Raises Fears Of Another WannaCry

A newly found flaw in the widely used Samba, free networking software developed for Linux and Unix computers, leaves over 100,000 computers potentially vulnerable to an attack similar to that caused by WannaCry. The U.S. Department of Homeland Security urged users and administrators to apply a patch; however, most of the computers found are running older versions of the software and cannot be patched. In an experiment, researchers needed only 15 minutes to develop malware that made use of the vulnerability, making it extremely easy to exploit. The affected computers belong to organizations, companies and home users. Firms can use their IT asset management tools to identify the vulnerable devices.
Click here to read more

Software as a Service Shakes Up Asset Management

Software as a Service (SaaS) has impacted application deployments across all industries. Beyond providing flexibility and scalability, SaaS changes the task of managing software assets and users. Traditional SAM solutions are designed for on-premises licensed applications. With SaaS, permission and usage are granted and billed based on individual users. Kent Brooks, IT director at Casper College in Wyoming, noted that "The primary difference in a SaaS environment is that you usually have a web-based management console that gives you a more real-time view of your license utilization. The ability to add and subtract users is centralized versus on-premises, where you may or may not have some sort of centralized management console."
Click here to read more

IT Asset Tracking Informs Better Capacity, Management Decisions

Effective provisioning is a key part of configuration management. Fundamentally it relies on management having an accurate inventory of available resources. It is difficult to properly provision resources without knowledge of what resources are available. Many organizations use IT asset tracking to develop this inventory. Many IT asset management (ITAM) tools include some native IT asset inventory capabilities. Some inventory features enable automated discovery, whereby the tool queries systems and identifies the hardware and software that comprise each server, including storage and network devices. Discovery also extends to the virtual machines, operating systems and applications. An import feature reads lists of software and devices supplied by other parties, such as a cloud services provider or a configuration management database (CMDB).
Click here to read more

IT Procurement Considerations and Market Trends for Software Licensing

Workplace productivity software is an integral part of business operations for large enterprises and small businesses alike. The distribution and licensing of software has evolved over the last few decades, from the provision of disk-based content to server- and cloud-based services. Nearly all software acquisitions are now license-based, enabling corporations to easily scale from individual-level user access to enterprise-level solutions. From an IT procurement perspective, there are two primary licensing models: perpetual and subscription. This article explores both in detail.
Click here to read more

Important Open Source Ruling Confirms Enforceability of Dual-Licensing and Breach of GPL for Failing to Distribute Source Code

A federal district court recently denied a motion to dismiss a complaint, based on an alleged breach of an open source software license, brought by Artifex Software Inc. against Defendant Hancom, Inc. The ruling illustrates the need for companies to understand and comply with the terms of open source licenses. It also validates certain dual-licensing open source models and highlights the need for developers to understand which options apply to their use. Many firms use open source without having adequate open source usage policies. In addition, many do not understand the legal risks of using open source. One of the key risks in using open source is that a company may be required to release the source code for its proprietary software that is based on the open source code in the software. Companies without an open source policy should seek advice before incorporating open source software into their products.
Click here to read more

Industry Resource - April 2017


How You Hold a Smartphone Can Let Hackers Steal 'Passwords and Bank Details'

A team of researchers found evidence that hackers can steal PINs and passwords by analyzing how devices are held. Cybersecurity experts found that the growing number of motion sensors in our mobile phones may make personal data vulnerable to hackers. The researchers found that it was possible to "crack" four-digit passwords with 70% accuracy on the first try and 100% by the fifth simply by analyzing the movement of the device as information is typed. This is made possible by the information recorded by the phone's internal sensors. Dr Maryam Mehrnezhad, lead author of the study, noted that "Malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."
Click here to read more

Cyber Threats Are Growing More Serious, and Artificial Intelligence Could Be The Key To Security

In today's digital threat landscape, firewalls and antiviruses are considered nearly obsolete, and companies are looking to more technologically advanced means of protecting crucial data.
One U.K. firm uses machine learning and probabilistic mathematics to learn the normal 'pattern of life' for every user and device in a network. Using advanced algorithms that can adapt and learn, the company can quickly detect anomalies. The technology is modeled after how a human immune system identifies and responds to foreign threats. It works quickly and without compromising the computer's or network's key functions.
Click here to read more

If You Want to Stop Big Data Breaches, Start With Databases

Recently, large-scale data breaches have become commonplace. Tens of millions of records have been stolen. One culprit that is often overlooked is a poorly secured database that connects directly to the internet. Too often companies use these databases to store customer and financial data, but employ outdated and weak default security configurations. A number of breaches over the last few years have all had one database type in common: open-source NoSQL databases using the MongoDB database program. Obviously there are many types of hacks that can result in data breaches, such as spear phishing to gain access to a network. However, securing exposed databases is a relatively easy and effective step organizations can take to strengthen their defenses.
Click here to read more

Google Researcher Reveals Flaw In Android And iOS That Can Be Hacked Via Wi-Fi

A Google Project Zero researcher has discovered a serious security flaw in Wi-Fi chipsets of both iOS and Android systems. The flaw enables hackers to invade devices within Wi-Fi range and take full control of the device. Since the discovery, Apple has released a patch for the flaw. Google has yet to release any update for Android. The researcher outlined the vulnerability of Broadcom's Wi-Fi system on chip (SoC), the most common Wi-Fi chipset used in mobile devices. In his research, he overwrote specific regions in the memory. While his exploit was harmless, the flaw can be used by an attacker to introduce malicious code into any device simply via Wi-Fi.
Click here to read more

Mind Your Own Business: Top IT Asset Management and Tracking Tips

IT asset management is the process of managing a business's IT assets. IT assets include computers, mobile phones, tablets, and more. It involves managing tangible assets and software (intangible assets). IT asset management also includes the processes of planning, buying, using, and disposing of those assets. This article describes some of the main benefits along with suggestions on how to get the value from your system.
Click here to read more

Manage Those Assets

All businesses use software; however, not all businesses know exactly what software they have, if every software title is licensed, or if it is being used. Those companies could be paying for software that isn't being used. If they are using unlicensed software, the firm could face significant expenses in the wake of an audit. Following license compliance requirements is mandatory. Using a software tool to manage those licenses is just good business. One industry expert commented that "Businesses should consider software asset management as their next big cost-cutting exercise. Companies can save on license costs instead of retrenching people, for example. Instead of cutting back on other resources, companies can stop overspending on their software licenses."
Click here to read more

Why Every Company Should Address Risks Of Software Use

New research indicates that most businesses are unaware of the costs associated with software. In addition, they do not have metrics on the degree to which their software is used. The upshot of this is that larger organizations are exposed to monetary risks potentially running into the millions. To compound the matter, organizations' software budgets have expanded for years. According to recent information, the software spend of companies has risen 80 percent since 2001. Gartner calculates that, in 2017, the worldwide business spend on software will be nearly 357 billion dollars. But unmanaged software comes with risks that are a result of software asset management not being commonplace in many businesses.
Click here to read more

The Three B's Of Cybersecurity for Small Businesses

Large-scale cyberattacks involving tens of millions of records get the most press. However, the frequency with which small and medium-sized organizations find themselves under attack goes under-reported and unnoticed. Over the last 12 months, fifty percent of American small businesses have been attacked by hackers. Considering the cost of a breach, many small companies could be one cyberattack away from going out of business. The author advises small businesses to know the three B's of cybersecurity: Be aware, be organized and be proactive. The article offers cost-effective suggestions on how they can improve their cybersecurity preparedness.
Click here to read more

Ransomware, Mac Malware Dominate Q1 Threat Landscape

A recent analysis conducted by Malwarebytes of the cyber-threat environment indicates that ransomware will continue to be a major problem for enterprises and individual users throughout 2017. Increased malware development activity targeting Apple Mac and Android systems is also expected. In addition, researchers expect to see evolving methods for distributing malware using exploit kits, social engineering and spam email. Adam Kujawa, director of malware intelligence at Malwarebytes, noted that "It's important to realize that threats are constantly evolving, faster than we have ever seen before. This is mainly due to the increased resources available to the cybercrime community, which means more people, more money, more talent."
Click here to read more

Half of IT Execs In The US See Cloud As More Secure Than On-Premise Infrastructure

According to a Bitdefender survey of more than 500 IT decision makers, just over half of the surveyed US IT executives believe that the cloud is more secure than their on premise infrastructure. Hybrid infrastructures, a combination of public cloud and privately owned data centers, have permeated the enterprise environment. According to MarketsandMarkets, the hybrid cloud deployment is growing faster than the overall IT market and will achieve compound annual growth of 27% until 2019. By 2025, it is forecast that nearly four out of five corporate data centers will disappear as the cloud becomes the primary deployment for information technology. According to Gartner, by 2019, more than a third of the 100 largest vendors' new software investments will have moved from cloud-first to cloud-only.
Click here to read more

Recognizing the New Face of Cyber-Security

The proliferation of new technology has made businesses targets of cyber-criminals and has created new levels of risk. Malware and cyber-attacks are no longer blocked by firewalls or by traditional security tools designed to identify specific viruses and code. Mobility, clouds, the internet of things (IoT) and the overall interconnected nature of business and networks have radically changed the landscape. At the same time attacks have become more insidious and sophisticated. Phishing, spear-phishing, whaling, ransomware, hacking, hacktivism, corporate espionage, data breaches and denial-of-service attacks have become everyday problems.
Click here to read more

40% of Discarded Digital Devices Contain Personal Data

According to a study conducted by the National Association for Information Destruction (NAID), 40% of digital devices found in second-hand resale markets contain personally identifiable information (PII). Of the sample group of devices, half of all tablets, 44% of hard drives, and 13% of mobile phones contained recoverable PII. Recovered data included usernames, passwords, credit card information, and company and tax details.
Click here to read more

The Godfather of Ransomware Returns: Locky Is Back and Sneakier Than Ever

Locky is one of the most widespread ransomware variants, infecting computers worldwide.
After an initial decline in the distribution of Locky in the beginning of 2017, Locky is staging a comeback. Cybersecurity researchers have discovered a surge in emails distributing Locky. Over 35,000 emails containing the ransomware were sent in just a few hours. This time the Locky campaign is leveraging an infection technique associated with the Dridex botnet, in an effort to increase the chance of compromising targets. This new form of Locky starts by using a phishing email with an attached file. The message claims the attachment is a document detailing a payment or scanned documents. But instead of attaching a compromised Office document, an infected PDF is sent.
Click here to read more

Industry Resource - March 2017


More Than A Million Gmail and Yahoo Account Credentials on Sale

According to cybersecurity penetration testers, stolen credentials are one of the most significant threats to enterprise security. Too many people use the same password for work systems and personal online accounts. Research from Experian, drawing on data from surveys with more than 400 senior business executives, reveals many businesses are ill-prepared for data breaches. A plan of action is the best tactic for all firms, considering that a data breach could happen to any company at any time. Many businesses still have not implemented two-factor authentication and regularly required password changes, despite the fact that these two policies would eliminate the biggest security risks. According to a report by TeleSign, almost three quarters of online accounts use duplicate passwords and over half of all consumers use five or fewer passwords for all their accounts. The report also said nearly half of online account holders rely on a password that has not been changed for five years.
Click here to read more

How to Respond To A Cyber Attack

Cybersecurity breaches and malware incidents continue to grow in both volume and sophistication. According to a report by the Ponemon Institute, security incidents increased over 60% in 2015 compared to 2014. Following a security or data breach, organizations must focus on mitigating damage and data loss and providing information to law enforcement. Former Assistant U.S. Attorney Ed McAndrew and Guidance Software President and CEO Patrick Dennis have developed best practices for preparing and responding to a cyber-attack and working with law enforcement.
Click here to read more

Closing the Vendor Security Gap

Most companies can't describe the full extent of their relationships with their vendors. However, for many that lack of knowledge could represent an increased risk of a security breach. Recent findings in the 2016 Vendor Vulnerability Index highlight that much work remains to be done to improve third-party security. The report includes data that should be an incentive for business leaders, CIOs and senior IT managers to take some action. The survey of more than 600 IT and security professionals describes the visibility, control, and management that organizations worldwide have over external parties accessing their IT networks.
Click here to read more

The Four Things You Need To Know About Software Compliance

IBM software licensing and audits can be complicated, and it is likely that most firms don't have a strong understanding of software compliance or the right software asset management (SAM) strategy in place to ensure compliance with the ELAs. In addition, most companies also don't appreciate the repercussions of a software audit, which today is virtually inevitable. Any company that uses IBM software licenses, regardless of size, will almost definitely be audited at some point. It's impossible to say when it might happen, but management must be ready. Unfortunately, too many companies don't have the proper controls and plan in place to deal with an audit, which almost always leads to a costly settlement. Firms can avoid audit surprises with proper IBM ILMT integration, and an experienced team of IT professionals on their side.
Click here to read more

Security Threats Could Become an ITAM Issue

Organizations have to constantly be aware of vulnerabilities or cyber-threats that could make their data subject to a cyber-attack. Threats can come from almost any source, inside the organization, from a disgruntled employee or from a poorly configured piece of equipment. However, many of these potential vulnerability scenarios can be eliminated or reduced with proper checks and controls overseen by multiple employees. Many security breaches, financial damages, and resulting bad press could have been avoided with an effective on and off-boarding process. However, corporations rarely review this process after it is initially put in place. Changes in the workforce such as employees who bring their own devices, or remote workers who rarely visit the office, are just a few factors many companies have failed to account for in their on and off-boarding procedures.
Click here to read more

Software Metering and the Use It or Lose It Mentality

Before an annual true up with a large software publisher, a software scan revealed that a firm was significantly over deployed for two of the licensed products. The overage was due to people requesting the software for short term use during projects then not contacting IT to uninstall after the work was completed. IT management quickly realized we would owe a significant fee for support and the cost of the additional licenses. Software Metering had previously been suggested by ITAM as a way to control software deployment. The license overages provided the perfect opportunity for the IT group to use metering to determine which licenses were not being utilized and to reclaim them. Software metering rules were created and the scans ran for four months. Desktop Engineers worked to establish metering rules, including "Computers that have a metered program installed but have not run the program since a specified date." This allowed the firm to quickly generate a report showing us machine names and user IDs who had the products installed and had not used them in 90 days.
Click here to read more

Software Asset Management Maturity in The Age Of SaaS

Software Asset Management Maturity (SAM) has experienced growing pains in standing out from service management. Where this is clearly evident is with the advent of technology that is delivered through software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). In this context, there is a difference in perspective in how SAM is viewed. With SaaS, IT software spending is not considered a one-time expense, but rather an operational expenditure. In that context, SAM may be seen as a means of controlling operating expense rather than a means of avoiding costs, and the SAM manager has the potential to become the finance director's new best friend.
Click here to read more

How NASA Saved $100 Million on Software Licenses

NASA was tasked to identify and remove duplicate software licenses and to negotiate lower prices for the software it licenses. To meet its goal, the space agency created the Enterprise License Management Team (ELMT) to inventory its software assets and to centrally manage its software licensing process. As a result, NASA has used its buying power to leverage volume pricing. In addition, the space agency has identified unused software licenses in some locations and is reusing those licenses elsewhere in the organization. Since 2011 the agency has realized $103 million in cost avoidance.
Click here to read more

When Old Software Programs Lead to New Problems for Feds

Microsoft recently announced that a significant number of machines are potentially vulnerable to cyberattacks because they run unpatched software. The company blog noted that, Keeping browsers and other software up to date can counter the impact of. Exploit kits are used by cybercriminals for the explicit purpose of identifying software vulnerabilities. This warning highlights the importance of software asset management (SAM). SAM tools enable federal agencies to examine all versions of the software running across a network, and to determine if the proper software patches were applied. SAM tools ensure agencies take the proper precautions, a practice with an appropriately mundane name: cyber hygiene.
Click here to read more

Everything You Need to Know About IT Asset Management (But Were Afraid To Ask)

Asset tracking of everything from the virtual and physical servers to the smartphones and other devices that employees use daily is a persistent problem for organizations of all sizes and industries. Despite being an important foundation underpinning your company's ability to effectively manage and secure its IT assets, few companies maintain comprehensive and accurate asset management practices. IT asset management provides management with the what, where, and how IT assets are being used. IT asset management also answers security's questions of "which devices are vulnerable to the latest threat?" and "which devices need the most recent vendor patch?" Even though IT asset management may be viewed as a perpetually unsolved problem, it doesn't need to be the most difficult one. Like many other business practices, management may not give it priority but needs to do it on a regular basis to prevent future pain and significant expense. Practicing due diligence is a must.
Click here to read more

With Claims of C.I.A. Hacking, How to Protect Your Devices

WikiLeaks recently published thousands of documents that detail how the US C.I.A. successfully hacked a wide variety of tech products, including iPhones and Android devices. Companies with BYOD policies may be impacted by the information that was disclosed. However, there are simple steps the IT group can take to protect its data and devices. The WikiLeaks documents indicated that the Android devices targeted by the hacking programs were mostly running a version of Android 4.0. To combat the threat, IT management can mandate that BYOD devices running Android must be upgraded to the most current version or taken off the network. iPhones are less of a problem as those users are far more up-to-date with their mobile software than Android device owners. Nonetheless, owners of iPhones running anything but the most current version should be forced to upgrade or leave their devices at home.
Click here to read more

Systems Management and IT Asset Management Tools: The Same, Only Different

Nearly every IT department uses some form of a systems management tool (SMT), but too many rely on their systems management software to perform IT asset management (ITAM) functions. SMTs do the things they are designed for very well, but are not a substitute for a comprehensive ITAM or Software Asset Management (SAM) solution. By using flexible ITAM and SAM tools that easily integrate external data and have a dynamic report writer, IT pros can extract real value from their SMT investment.
Click here to read more

The Mobile Device Conundrum: Employee Flexibility and Security At Odds

The present conundrum for businesses is that employees want mobile/portable device access 24x7, but that can make sensitive data vulnerable. It is much easier to steal a laptop or tablet than to hack a secure corporate database. Once a mobile device is stolen, it's only a matter of time before thieves break into it. Al Sargent, senior director at OneLogin, said that "It's possible to crack every standard Windows password in less than six hours, for less than $800 in parts. Once a hacker breaks into a laptop, they can easily access all the corporate data stored on it and access any web applications with still active sessions. Gmail, for instance, leaves sessions open for days." Furthermore, according to a recent Citrix/Ponemon Institute survey, nearly three quarters of IT leaders admit they are at risk because they cannot control employees' devices. Companies generally need to implement safeguards to ensure information is protected regardless of where it is, or through what device it is accessed.
Click here to read more

How to Stop Your Smart Devices from Spying On You

Based on recent revelations, the options available to companies and individuals to prevent cyber-spying are limited. One surefire option is to disconnect the devices from WiFi and cell service; however, that would render them virtually useless for their purposes. To ensure privacy in a given moment, users can unplug, turn off and remove the batteries from their devices when applicable. Other, perhaps more practical, steps to protect connected devices include downloading updates immediately, not clicking on suspicious links, running regular malware scans, turning the devices off when not in use and maintaining an accurate inventory of the networked devices to identify potential vulnerabilities. Apple has released patches to improve security and has more in process. Microsoft and other companies will likely do the same. Nevertheless, no one can truly guarantee they aren't being spied on.
Click here to read more

Overusing Software Licenses Could Lead To Costly Audits

As companies grow and add computers to their networks, they must purchase additional license keys in order to remain compliant with their software licenses. Unfortunately, in many companies, it is commonplace that their software licensing has been poorly managed and license keys have been reused on multiple computers. When gaps in licensing are discovered, the firm can simply purchase the licenses needed to remediate the problem. In the case where a company is already being audited, the process to become compliant can be more difficult.
Click here to read more

Oracle Audit Risks

Oracle operates one of the most aggressive audit programs in the industry. To compound matters, its licensing rules are difficult to understand and are not clearly stated in the company's license agreements. In addition, Oracle typically conducts its entire audit in-house, through its License Management Services (LMS). In contrast, other publishers often work with officially impartial third-party accounting firms. These external fact-finders typically provide management with a better opportunity to provide meaningful clarification before the audit findings are published. Consequently, companies that have invested in any Oracle software products need to pay special attention to their usage of those products. They also need to know what to expect when Oracle schedules an audit by LMS.
Click here to read more

How CIOs Need To Adapt Or Die In The World Of Digital Transformation

According to Gartner, over 80% of all IT spend is controlled by the CIO. However, given current trends, within three years that number will drop to just 50%. This change is being driven by the need for business units to self-determine their IT needs to foster the agility, competitive advantage and profitability to succeed. In the past, when the business needed technology for whatever purpose, IT scoped, sourced and managed the project. Consequently, there was a strong alignment between the two organizations. However, with the growth of cloud and mobile apps and IaaS offerings, business units are independently defining, sourcing and managing new IT initiatives. This may be beneficial for individual business units; however, it could also prove a problem in terms of careful IT asset management, provisioning and budgeting.
Click here to read more

The New ITAM Department

Software Asset Management (SAM), IT Service Management (ITSM) and GRC (Governance, Risk Management and Compliance) are all key components of IT Asset Management (ITAM) today. However, new practices and requirements will evolve as security and new compliance rules continue to arise. The growth of IoT (Internet of Things), connected devices, cyber-security, rogue software and departmental cloud utilization will continue to introduce new demands on ITAM departments globally. Fortune 500 companies have recognized how the alignment and management of an enterprise's IT assets has become the backbone of modern business practices. ITAM has contributed to the proactive approach to streamlining business processes.
Click here to read more

Here Are the Top 6 Ways Websites Get Hacked, According To Google

According to Google, the number of hacked websites rose by 32% in 2016. The company also noted that the number of hacks will continue to rise as hackers become more sophisticated. Google said that prevention is critical to keep hackers at bay, and that it is important to know how these attacks are being carried out to improve prevention. Google listed six ways that websites get hacked by spammers: compromised passwords, ignoring security updates, unmaintained or insecure plugins, social engineering, poor security policies and data leaks.
Click here to read more

Where Is Cybersecurity Headed in 2019?

The first quarter of 2017 isn't quite finished, and yet 2 major companies have suffered serious security incidents. These data breaches indicate that firms are still reactive rather than proactive with regard to security incidents. Even those companies that think they know what threats exist aren't really prepared for them. Existing security systems are designed to focus on known attack methods, not on future threats. The Information Security Forum (ISF) Threat Horizon 2019 report provides a blueprint for future threats. It looks at nine major threats and analyzes the kinds of threats that are expected to evolve in another two years.
Click here to read more

Businesses Beware: Smartphone Malware Rises 400% in 2016, Nokia Reports

According to Nokia's recently published Threat Intelligence Report, in 2016 mobile device malware infections reached an all-time high. Smartphone infections rose nearly four times in 2016 over 2015, making them the most vulnerable devices. According to the report, smartphone attacks represented nearly 90% of all mobile device infections in the last six months of the year. The report authors stated that "From these trends, it is clear that cybercrime is moving to the mobile space and that smart phones are becoming the target of choice." The Threat Intelligence Report examined trends and statistics for malware infections in devices connected through mobile and fixed networks in the second half of 2016.
Click here to read more

Industry Resource - February 2017


5 Cybersecurity Tools Your Company Should Have

No business can afford to ignore cyber security. According to a recent Verizon Data Breach Investigations Report, over half of cyber-attacks target easier-to-breach small businesses. SMBs can take proactive steps to prevent cyber-intrusions, including using secure computing hardware, installing software to block spy-mail and ransomware, training employees to identify security threats, using "always on SSL" in websites and maintaining an ongoing inventory of their network and software assets.
Click here to read more

Report: 75 Percent of Organizations Have Been Hit By Malicious Adware

According to Cisco's 2017 Cybersecurity Report, cyber threats are evolving rapidly to stay ahead of cyber protections. For instance, three widely used exploit kits, Angler, Nuclear and Neutrino, virtually disappeared in 2016. They were replaced by Sundown, Sweet Orange and Magnitude, which target Flash, Silverlight and Microsoft Internet Explorer. To combat these malware tools, Cisco recommended uninstalling Flash and disabling extraneous browser plug-ins. Cisco also warned IT departments to be aware of adware, which displays ads for malicious purposes. Attackers can combine adware with harmful applications that can change the user's browser settings, track location, or exfiltrate credentials.
Click here to read more

How to Build a Cybersecurity Strategy For 2017

Most companies fail to deploy security controls to "nodes" connecting to their network. Employee-owned mobile devices, the Internet of Things (IoT) and cloud computing have altered the types of "assets" connected to networks. Implementing cybersecurity "best practices" across an unstructured and decentralized network constitutes a significant challenge for many companies. Firms have the most control over devices that they purchase, configure, discover and inventory. But as BYOD drives new devices, IT departments are losing control over the devices with which their users and network interact. Companies must reevaluate and establish the context of the users and actions taken on their systems and determine how to apply "best practices" to this new ecosystem.
Click here to read more

Software Licensing Compliance and Cost Optimization

Companies need to balance software license compliance (maintaining licensing that matches usage) with the need to control software licensing costs. Arriving at the properly balanced situation can be difficult for even experienced software asset managers. For instance, motivated employees will, at times, find unauthorized methods of accessing the software resources they need, sometimes without securing the needed license. Lack of compliance can result in unplanned expenses when violations are uncovered during a software vendor audit. While this is a problem, without access to the proper computing tools, employees and teams will not be able to competently perform their assigned tasks. The pressure to provide employees the tools they need at whatever expense is required to stay compliant, or avoid a costly audit, can compel an organization to tilt in the direction of excessive or imprudent spending.
Click here to read more

SAM in a SaaS World

Discovering, inventorying and reconciling devices and software installations is the foundation of SAM. With the continuing adoption of SaaS-based solutions, ITAM practitioners are being forced to look at the practice in a new way. It is not surprising that some SAM practitioners question the need to manage software assets after they have adopted a SaaS model. The thinking is that there is no device and as such nothing being put on a device to count. While this thinking reflects an understanding of the technology, it misses the point that SaaS moves companies from a license tracking model to a subscription service tracking model that incorporates many of the processes inherent to SAM.
Click here to read more

Do You Trust Your Discovery Data?

Accurate asset discovery data is the foundation for every IT Asset Management program. Too often, IT Asset Management is accomplished using spreadsheets with manual entries needed to fill in missing information. In addition, many discovery tools are not designed for IT Asset Management, but are intended for patching or network administration. As a result, these systems may be missing critical information. In addition to understanding what information is collected by the discovery tool, it is essential to understand how that data is collected. Most discovery tools for Windows systems rely on information in the Windows registry or the Windows Management Instrumentation (WMI) file to get hardware configuration information. Software information typically comes from a combination of Add/Remove Programs and the executable files on the device. It's important to have a high-level understanding of these elements to understand where the system could be breaking down.
Click here to read more

Avoid Overpaying for Software Settlements

Most software audits initiated by the software publisher, or by a third party authorized to pursue copyright infringement claims on behalf of the software publishers (e.g. BSA, SIIA), are settled without litigation. Most of the settlements involve a monetary penalty as part of the resolution. There are many factors that precede the negotiations and which impact the total payment. As part of the audit, the auditing party works to identify any gaps in software licensing. These gaps may range from insufficient licenses to having the incorrect license for the software installed. Once the auditing entity determines the number of gaps, it calculates a total settlement based on the information presented. An initial settlement demand establishes the baseline for negotiations. It is critical to ensure that the initial number is accurate before engaging in negotiations. This article explores several key factors to consider with regard to the settlement demand.
Click here to read more

Experts at RSA Give Their Best Cybersecurity Advice

Even the best security software is useless if users and businesses fail to take the right steps to protect themselves. Experts at the RSA show were polled for their best cybersecurity advice. This article includes advice from Joe Stewart, Director Of Malware Research at Dell SecureWorks (use two factor authentication), Mike Sentonas, Vice President Of Technology Strategy at CrowdStrike (define what you need to protect), Mike Buratowski, Vice President Of Cybersecurity Services at Fidelis Cybersecurity (expect to be a target), Chris Wysopal, Chief Technology Officer at Veracode (don't trust the technology to be secure), and Jeremiah Grossman, Chief Of Security Strategy at SentinelOne (perform a complete IT inventory).
Click here to read more

Beware Google Chrome Scam That Could Inject Malware into Your Computer

According to cybersecurity experts at Proofpoint, a Google Chrome scam that infects Windows computers with malware poses a real threat to users. Proofpoint warned that hackers can inject a script which targets the Chrome browser on Windows. The script then rewrites the compromised website on the victim's browser to make the page unreadable and creates a fake issue for the user to resolve. A popup containing the message "The 'HoeflerText' font wasn't found," prompts users to download an update to their computers. The update is actually a malware download.
Click here to read more

Is Your Smartphone Spying On You? Phone Cameras, Microphones At Risk Of Hacking, Expert Says

Analysts are more and more focused on malware that can take over a smartphone's microphone or camera. Security researchers recently discovered that hackers could remotely enable the camera and microphone on the smartphones issued to Israeli Defense Force soldiers. Kevin Haley, director at Symantec Security Response, noted that the cellphone is the perfect spying device. Using a cellphone, a hacker could track people wherever they go, listen in on their conversations and see what they're doing. The process behind this type of infection works the same as most malware. Targets are sent a prompt to download a seemingly legitimate app or are sent to a secondary webpage. These links can often be vague or attempt to gain the user's trust by appearing to be tied to major businesses. Once installed, these programs take over the smartphone's functions through various security holes.
Click here to read more

Industry Resource - January 2017


Cybersecurity Experts Identify 3 Hacking Trends Of 2016

As the number of individuals and businesses who relied on technology increased, hackers expanded their efforts to victimize and exploit nearly everyone with a computer or smartphone. Experts evaluated which forms of cybercrime were committed the most. Ajay Kumar breaks them down into three categories: ransomware, IoT hacking, and lawful hacking. Ransomware cost organizations millions; IoT hacking, using connected devices, shut down internet service provider Dyn in 2016; and lawful hacking split the tech industry when the government demanded that companies help break the security codes they invented to protect their customers.
Click here to read more

Top Cybersecurity Lesson from 2016: Unchecked Insiders

Cybercriminals have many advantages over many IT departments. However, there are two factors that IT groups can control that contribute to the rampant spike in cyber breaches. The first is that employees and contractors often have the ability to access far more data than they require. The second factor is that most organizations do not monitor or analyze how information stored in files and e-mails is used. Whether hackers seize control over a system, or insiders abuse their access either out of ignorance or for malicious purposes, these vulnerabilities on the inside are among the largest threats to any organization. Despite the cybersecurity technology available, data breaches continue to increase, largely due to these internal factors.
Click here to read more

Data Breaches Through Wearables Put Target Squarely On IoT In 2017

Forrester predicts that more than half a million IoT devices will suffer a compromise this year. IoT security is an issue because of the sheer velocity with which distributed denial-of-service (DDoS) attacks spread through common household items. Forrester noted that "Today, firms are developing IoT firmware with open source components in a rush to market. Unfortunately, many are delivering these IoT solutions without good plans for updates, leaving them open to not only vulnerabilities but vulnerabilities security teams cannot remediate quickly." Security is an afterthought for most IoT devices, and the lack thereof is exacerbated because IoT firmware cannot be patched over the air as problems arise.
Click here to read more

KillDisk Cyber Sabotage Tool Evolves Into Ransomware

The KillDisk malware has been used in the past to wipe data from computers during cyberespionage attacks. However, the most current versions of the malware now act like ransomware. Rather than wiping the data from the disk, the malware encrypts the data stored on the system and transmits a message asking for 222 bitcoins (over $200,000) to restore the information. There is also a Linux variant of KillDisk that can infect both desktop and server systems. The encryption routine and algorithms are different between the Windows and the Linux versions, and the encryption keys for the Linux systems are neither saved locally nor sent to a command-and-control server. Consequently, the attackers can't actually get to them.
Click here to read more

Feds Allege Security Flaws in D-Link Routers, Cameras

The Federal Trade Commission filed a complaint in the federal Northern District Court of California claiming that D-Link routers and internet accessible security cameras have put "thousands at risk" over years of poor security practices. The complaint alleges that those problems included "well-known and easily preventable software security flaws, such as hard-coded user credentials and other backdoors, and command injection flaws, which would allow remote attackers to gain control of consumers' devices." The company denied the FTC's claims in a statement.
Click here to read more

49% of Businesses Fell Victim To Cyber Ransom Attacks In 2016

According to Radware's Global Application and Network Security Report 2016-2017, almost half of businesses were the targets of a cyber-ransom campaign in the past year. The report found that data loss was foremost among IT professionals' cyber-attack concerns, followed in order by service outage, reputation loss and customer or partner loss. Malware or bot attacks hit half of all organizations surveyed. The Internet of Things (IoT) was a major cause of the pervasive attacks. Over half of all respondents reported that IoT ecosystems created more vulnerabilities and complicated their cybersecurity detection measures. Ransomware attacks also increased rapidly, with over 40% of respondents reporting that ransom was the top motivator behind the cyber-attacks they experienced in 2016.
Click here to read more

Leveraging Privileged Access Management to Stave Off Internal Security Threats

Executives and managers concerned about the security of their business-critical assets need to be aware that it is not just the external threats that might jeopardize their IT systems. A significant threat is posed by the people they entrust with their data. Malicious insider frauds can cost a company even more time and money than other external cyber security attacks. Moreover, the most dangerous insiders are often the employees with privileged accounts. Privileged access breaches not only present unique security challenges but may also lead to compliance violations. According to the 2015 Insider Threat Report, nearly 60 percent of cyber-security specialists consider privileged users to be the biggest security risk in their organizations.
Click here to read more

Mobile Is Still the Safest Place For Your Data

The Identity Theft Resource Center maintains a database of personally identifying information breaches that require disclosure under state and federal laws. If mobile devices were a factor in data loss, they would be included in this database. However, mobile-linked breaches haven't been recorded, despite the nearly universal use of smartphones. What do show up are paper records, USB drives, laptops, database hacks and successful phishing attempts. None of the lost, stolen, or compromised devices were mobile devices, likely because encrypted devices need not be reported and are presumed safe. iPhones and iPads encrypt their contents, as do professional-grade Android devices.
Click here to read more

Put an End to Software Sprawl

Many companies are still using outdated manual processes to manage their software inventories. That practice can cost them time and money. Eric Moll, director of digital transformation at COMPAREX Canada, recently noted that "Organizations are turning into software companies and they need to be able to manage their software assets as strategically as their people and products." An effective software management system can facilitate licensing audits and can free up corporate resources. Rik Schaap, SAM consultant with COMPAREX Canada, added that "It's not a question of whether you will be audited, but when." Software publishers are actively pursuing compliance reviews in today's marketplace. The outcome for ninety percent of audits is overall negative for most firms, and CIOs are usually held responsible for the costs of a failed audit.
Click here to read more

Software Licensing Lessons from 2016 For A Cloudy Future

Software delivery models have been trending towards the cloud and subscription models. Experts expect growth in uptake and use of IaaS, PaaS and SaaS to continue in 2017. In 2017 and beyond, SaaS adoption benefits and TCO should be extensively evaluated. Procurement and SAM professionals will play a role in determining value through price analysis and the use of SAM metering data to weed out shelfware, create a platform for right sizing and review the value attained from each software title.
Click here to read more

IT Asset Management Software Market - Global Industry Analysis, Size, Share, Growth, Trends, and Forecast 2016 - 2024

The IT asset management research report provides a detailed analysis of how various organizations use ITAM software solutions, particularly hardware and software. ITAM software helps firms to reduce operational and capital expenditures. In addition, by deploying ITAM, an enterprise can identify licensing and contractual data related to a particular software title, eliminating regulatory risks. The report covers the factors trending in the market and the technological advancements supporting the growth of the ITAM software market.
Click here to read more

10 Ways IT Asset Managers Affect the Top and Bottom Line

As new business technologies are helping all types of organizations to achieve competitive advantages, IT asset management continues to serve as a critical function for IT departments. IT assets include all hardware and software owned, leased and/or licensed by an organization, and a scalable ITAM practice increases in importance as the size and complexity of the organization grows. Ensuring software license compliance, mitigating risk, reducing costs, and increasing profitability are the main areas of focus for IT asset managers. IT asset managers are the CIO's best friend and arguably one of an IT department's most valuable team members. This article presents 10 ways IT asset managers affect an organization's top and bottom lines.
Click here to read more

Why Business Departments Choose Their Own Tech

According to a recent survey from Logicalis, business departments have undertaken technology investment independently of the CIO. The Logicalis report, titled "Digital Enablers: The Challenges Facing CIOs in an Age of Digital Transformation," notes that business units are employing their own IT staff, and that CIOs regularly work with these departmental IT pros on strategic goals. It is also common for business managers to acquire tech apps and solutions without consulting the IT department, a practice known as "shadow IT". Some experts feel that this is a natural business evolution where the lines between tech and business become blurred. Mark Rogers, CEO at Logicalis, noted that "As digital innovation accelerates, the winners will create new customer experiences, make faster and better decisions through smarter collaboration, and create new digital business models and revenue streams securely. CIOs and IT leaders can play a leading role in enabling that innovation, drawing on skills from insightful partners to help shape their businesses and lead their sectors through the application of digital technologies."
Click here to read more

This Gmail Phishing Attack Is Tricking Experts. Here's How to Avoid It.

A new phishing scheme targeting Gmail users is getting past even experienced security experts. In the new phishing attack, Gmail users receive an email that appears to have come from someone they know. It also includes a malware attachment. When a user clicks on the attachment, a new tab opens up and the victim is prompted to sign into what appears to be Gmail. That copycat site is used to collect login information, and once users log in, their Gmail account is compromised. To avoid being compromised, users should take care to look for a green lock icon in their browser address bar (if using Google Chrome) and ensure the URL begins with "https://". The copycat Gmail login site begins with "data:text/html" and should not be trusted.
Click here to read more

Why Slack, Chatbots, and Freelance Workers Have Your IT Department Freaking Out

In a recent study, 25% of the organizations surveyed said they incurred cyber-thefts of proprietary data. Recent workforce trends, including the rise of workplace collaboration tools, workers taking advantage of BYOD policies, and the growing use of project-management platforms and apps to keep everybody connected, have contributed to the cyber-security problem. Among the business tools accessed with employee-owned devices, videoconferencing app Zoom, Cisco's Umbrella, and Slack topped the list. Thus, it's not unreasonable to conclude that those employees are mixing business and play on their own devices, and are using their employers' networks. CompTIA researchers warn that cyber security vulnerabilities are likely to grow with the use of BYOD and shared tools.
Click here to read more

IoT Devices Growing To 46 Billion; Security Breaches Seen

According to a new report by Juniper Research, security risks will increase as the number of connected devices expands. The report cites recent cyberattacks which leveraged compromised IoT devices, creating "botnets" that were used to attack servers. The report notes that current security vulnerabilities of IoT devices will be exploited to carry out more complex attacks in the future. Steffen Sorrell, author of the report, said that "Attacks such as those on Dyn last October can be viewed as proof of concepts. In the medium-term, botnets will be used far more creatively, not only to disrupt services, but also to create a distraction enabling multi-pronged attacks aimed at data theft or physical asset disruption."
Click here to read more

Knowledge Is Power

According to, companies deploy security information and event management solutions to manage threats and ensure compliance. However, across businesses of all sizes the focus is on early threat detection. Endpoint management, a component of IT asset management, provides a single point of contact enabling the business to address issues across the enterprise. When a company has an enterprise-wide issue, management wants to initiate an investigation quickly, report on the problem immediately and then remediate as soon as possible. ITAM and good endpoint management facilitate these operations.
Click here to read more

Cloud Computing: How Software as a Service (SaaS) Growth is Killing Traditional Software Licensing

The editors at 1redDrop noted that the enterprise software segment is already paving the way for SaaS growth to maintain the expected 30% CAGR. Firms such as IBM, Microsoft, Salesforce and Oracle will eventually control the top of the enterprise SaaS market on the strength of their cloud-based software offerings. The company forecasts that the days are numbered for the traditional method of selling software as an installed product for a fixed licensing fee. Software as a Service (SaaS) is the new model, and in the near future may end up being the only way software is published and distributed.
Click here to read more