Are you working on cutting-edge research on the future of cybersecurity policy? If so, you have less than 3 weeks left to enter our Cybersecurity 2020 essay contest for a chance to win the $5,000 cash prize!
Today marks the first day of the Security Development Conference 2013. Security professionals from companies, government agencies and academic institutions have traveled from all over the world to learn, network and share proven security development practices that can reduce an organization’s risk. As I sit here waiting for Scott Charney to take the stage, I am reminded that it’s been almost a decade since Microsoft implemented its Security Development Lifecycle (SDL). So much has changed in that time.
In the past decade, Internet usage has gone from roughly 350 million people online to more than 2.4 billion. Today there are more opportunities than ever before for developers. Windows 8 is still relatively new, the cloud is in its early stages of adoption and there has been an explosion in new mobile devices and platforms. While the Internet has created many new opportunities and ways to do business, it has also spawned a digital underground for online crime. Security breaches that have financial consequences or lead to intellectual property loss, website defacement or espionage have become a reality in today’s computing landscape.
Many of the developers I talk with generally recognize the importance of security development. Despite this, the evidence suggests that the vast majority of organizations still have not adopted security development as a fundamental professional discipline. Microsoft recently surveyed over 2200 IT professionals and 490 developers worldwide. The survey found that only 37 percent of IT professionals cited their organizations as building their products and services with security in mind. Furthermore, 61 percent of developers were not taking advantage of mitigation technologies that already exist, such as ASLR, SEHOP and DEP. These mitigations have been freely available to the industry for years and are often simple additions to existing development practices, and yet only a minority of developers are leveraging them. This is concerning to me and it should be concerning to everyone who uses the Internet.
Chances are you have your mobile phone with you right now. These devices allow us to keep pace with the demands of our busy digital lifestyles. They also allow us to tell everyone, everything, all the time. There are multiple opinions on the breakdown of social etiquette due to oversharing information, but there’s no denying that certain mobile phone behaviors are not only annoying, they may even be risky.
Whether it’s loud talkers or not silencing a phone during a movie, some mobile manners like pocket dialing someone because your phone isn’t locked, or tagging photos without permission, may put personal information at risk. But who is better at protecting their personal information? Men, or women?
At Microsoft, we want to know what you think. That’s why we’re kicking off our Mobile Manners and Mayhem Facebook poll. Rank your biggest mobile phone pet peeves and tell us your own mobile mayhem story. On May 20, we’ll release the results and reveal who is better at protecting themselves online, men or women.
At a very young age, we are taught to share. Share our toys, our thoughts, our gratitude. But in today’s digital society, all this oversharing online may put us in harm’s way. Your personal information is a valuable commodity to criminals and, just like your personal computer, your mobile phone is equally attractive to those who would misuse this information.
Microsoft is looking for great student research on the future of cybersecurity policy. If you have conducted or plan to conduct such research, read on for information on how you can win a $5,000 cash prize for your research in our Cybersecurity 2020 essay contest.
Many organizations and governments around the world struggle to quantify the value of making security investments in an environment of increasingly complex business models, fast-moving technology shifts and ever-more sophisticated cyber criminals. In this fluid environment, it can be challenging to justify resources and budget for situations such as a security incident that did not interrupt business operations. Budget approvals often occur after an incident occurs and when the damage is already done. Given this dynamic, and the need to keep customers protected from changes in the threat landscape, Microsoft has remained committed to producing threat intelligence that can help inform different security investments.
We have long reported on the changing threat landscape through the Microsoft Security Intelligence Report (SIR). In a new, Special Edition SIR report released last month titled “Linking Cybersecurity Policy and Performance,” we provide insight into different socio-economic factors that can influence cybersecurity outcomes. The study examines how socio-economic factors, such as GDP per capita, broadband penetration, mobile devices and Facebook usage correlate with cybersecurity outcomes as measured by regional malware infection rates. This data is designed to help organizations and governments better understand the potential impact socio-economic factors have on cybersecurity and serve to inform security investment decisions.
Special Edition Security Intelligence Report Released – How Socio-economic Factors Affect Regional Malware Rates
Over the past several years I have had the opportunity to talk to customers and governments all over the world about the threat landscape and the data we publish in the Microsoft Security Intelligence Report (SIR). During these conversations regional malware infection rates always garner a lot of discussion. One of the most interesting questions I’m increasingly asked is what factors contribute to the differences in regional malware infection rates? Or what do regions with low malware infection rates do differently than regions with high malware infection rates? Our Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance released today provides a new body of research that speaks to these questions.
This article in our free security tools series focuses on the benefits of the Microsoft Security Compliance Manager tool (SCM). One of the most important tools for managing and securing Windows environments is Group Policy. Group Policy is often used in enterprise environments to help control what users can and cannot do on a computer system. IT Professionals typically leverage Group Policy for a number of reasons but one of its primary benefits is to help manage security for groups of systems and reduce support costs. While the value of Group Policy is clear, maximizing its potential can sometimes be a daunting task. To help ease the management process for Group Policy, Microsoft released a free tool called the Microsoft Security Compliance Manager (SCM).
Microsoft’s Free Security Tools – A Deeper Look at XSS Attacks and Microsoft’s free Anti-Cross-Site Scripting Library