Stories by George V. Hulme

When it comes to hiring, enterprise security teams can use all of the help that they can rally. But when it comes to hiring entry-level talent, that's not as easy as it may seem.

When it comes to hiring, enterprise security teams can use all of the help that they can rally. But when it comes to hiring entry-level talent, that's not as easy as it may seem.

No more is it enough to think that securing your iPhone with a simple 4 digit PIN is adequate.

Online criminals remain at least one step ahead of many IT groups, according to this year's "U.S. State of Cybercrime Survey," conducted annually by CSO magazine, the Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PricewaterhouseCoopers. Deterrence and detection are both falling short of their goals: The 500 survey respondents faced an average of 135 security incidents last year, and 34 percent say that number was up compared to the previous year. Just one-third of respondents could estimate losses from their breaches; among those who could, the breaches cost $415,000, on average. Legal liabilities and lawsuits after breaches add to the costs.

The past couple of weeks have not been the best for Mac OS X's security reputation.

After several large breaches -- including the <a href="http://blogs.csoonline.com/1457/epsilon_hack_notification_letters">Epsilon</a>, <a href="http://www.csoonline.com/article/680689/sony-playstation-network-personal-user-data-stolen">Sony</a>, and <a href="http://www.csoonline.com/article/684463/citigroup-reveals-breach-affected-over-360-000-cards">Citigroup</a> incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.

While the race between industrial control system attackers and defenders didn't start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.

It's no secret that the goal of modern malware writers is to create attack software that is stealthy and flows undetected for as long a period of time as possible. What's increasingly startling, however, is how pervasive custom malware has become as part of traditional attacks.

In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.

It's no state secret that industrial and automation control systems have a way to go before they're resilient from targeted and sophisticated malware attacks. Just last week the International Society of Automation (ISA) announced that the ISA99 standards committee on Industrial Automation and Control Systems Security had formed a task group to conduct a gap analysis of the current ANSI (American National Standards Institute) ISA99 standards and modern threats against critical industrial systems, such as Stuxnet.

There's no doubt that the momentum in computing adoption is with mobile meaning enterprises will have to protect the communications that emanate from, and are sent to, these devices.