Quantcast
Channel: Symantec Connect - ブログエントリ
Viewing all 5094 articles
Browse latest View live

IoT Networked Medical Device Cyber Security

0
0
Blog Feature Image: 
Twitter カードのスタイル: 
summary

Most IoT-enabled medical devices were manufactured without understanding the full implications of cyber-security.  While there have been no reported incidents of harm caused by such an activity, the potential definitely exists.  Johnson & Johnson announced on October 4th, 2016 that cyber security vulnerabilities could allow a perpetrator to remotely control a One Touch Ping insulin pump they manufacture. St. Jude Medical released a security patch on January 9, 2017 that addresses the possibility of hacking their implantable cardiac defibrillator devices.  In addition, there have been reports of these devices being used as an entry point to infect healthcare provider networks which could potentially expose them to a costly data breach. In short, an IoT enabled medical device can expose a person, hospital as well as its’ manufacturer to many risks.

Challenges

While device manufacturers have taken a lot of criticism for vulnerabilities, they face a number of challenges unique to healthcare. To begin with, medical devices could be used in different configurations:

  • In the home
  • Embedded in the patient’s body or
  • Across networks in hospitals.

Within hospitals, medical networks are fairly complex with devices of all classes and capabilities put together in different configurations. Considering that some of the medical devices stay in the healthcare provider networks for 15 to 20 years, manufacturers have to consider what technologies and software will be like in 20 years. In addition to these challenges, there are strict FDA regulations on re-certifying certain categories of life critical devices if any changes are made to it. The FDA has stated that in light of some of these issues “The Least Burdensome Approach” can be taken with the appropriate protocol. In certain cases, the oldest devices may not be capable of providing adequate security based on current or future standards. 

Insurance Coverage 

The costs associated with a serious design flaw could be staggering given a single negligence award can be in the millions.  There are many standard insurance products that would provide indemnification to both the medical device manufacturer and healthcare provider. Product Recall coverage can be purchased which would indemnify the manufacturer for the costs associated with any recall effort.  If a compromised device causes an injury, Product Liability coverage protects manufacturers against third-party lawsuits including legal defense costs.  Hospital General Liability coverage would respond to potential liability exposure emanating from a compromised medical device.  For a practicing physician, his Medical Malpractice Coverage would provide indemnification against third-party lawsuits as well.  Good risk management consisting of establishing cyber-secure medical devices along with proper insurance coverage significantly mitigates the risk manufacturers and healthcare providers face.  

Recommendations for IOT medical device providers

There are steps that manufacturers can take to help mitigate the problem. For the newer devices, there is a range of solutions available such as

  • Defining the identity of the device
  • Authenticating the device
  • Code signing the device and
  • Putting an additional layer of security solution in the device.

These solutions can work from the lowest end devices to the high-end devices and work within the constraints such as difficult updating procedures and devices with limited available memory. Generic security monitoring tools also exist which can provide a basic level of security. Over time, we believe monitoring tools catered to healthcare will emerge to provide a more robust security posture. For older devices, where possible, some of these solutions can be implemented. There are device security solutions, which can secure legacy devices with really old operating systems and hardware architectures. At a minimum, certain changes can be made such as default passwords on the devices can be changed. Educating the customer to be careful when connecting older devices to the network or USB ports is another effective risk measure. While some of this education can cost resources, it will create a safer environment and also save the manufacturer money in the long term by securing their brand and customer loyalty.

Recommendations for Insurers

  1. Any insurer that provides coverage to medical device companies needs to have an understanding of the IoT security embedded in those devices as a part of their underwriting process.
  2. Insurers with exposure to medical device companies need to understand the aggregation risk embedded in their portfolios due to the IoT risk.

Symantec protects over a billion IoT devices and offers the most comprehensive family of security technologies for medical equipment manufacturers.
For more information visit: https://www.symantec.com/solutions/internet-of-things

Symantec is using its aggregated data, intelligence and cyber expertise to help insurers understand the cyber risks in their portfolios, including cyber aggregation modeling.  
For more information visit: https://www.symantec.com/solutions/insurance

その他の投稿者: 

Attackers target dozens of global banks with new malware

0
0
Watering hole attacks attempt to infect more than 100 organizations in 31 different countries.

続きを読む

网络攻击者使用新型恶意软件向全球数十家银行发起攻击

0
0
网络攻击者采用水坑式攻击,企图对31个国家的百余家机构进行感染。

続きを読む

Sage 2.0 ransomware delivered by Pandex spambot, mimics Cerber routines

0
0
New variants of Sage ransomware sport Cerber-like behavior, although no definitive link was found between the two families.

続きを読む

グローバルな金融機関を新しいマルウェアで狙う攻撃者

0
0
水飲み場型攻撃で、31 カ国の 100 を超える組織が感染の危機にさらされました。

続きを読む

勒索软件Sage 2.0通过垃圾邮件程序Pandex传播,并效仿了Cerber的例程

0
0
勒索软件Sage的新变体,但这两种软件之间并没有明确联系。

続きを読む

Pandex スパムボットを通じて拡散する Sage 2.0 ランサムウェア、Cerber を模倣か

0
0
両者に明白なつながりは見つかっていないものの、Sage ランサムウェアの新しい亜種は、Cerber に似た動作を身に着けています。

続きを読む

Latest Intelligence for January 2017

0
0
The email malware rate drops due to Necurs botnet inactivity and two new Android malware families appeared.

続きを読む

Combat Advanced Malware With Security and Threat Protection Designed for the Cloud Generation

0
0
Blog Feature Image: 
Twitter カードのスタイル: 
summary

Hackers continue to show endless ingenuity in penetrating corporate networks. In fact, some recent malware attacks made headlines by crippling corporations, robbing shareholders, and damaging the credit of thousands of consumers. These attacks make it clear that cybercriminals continue to evolve, creating threats that can bypass the security defenses of many organizations. Some advanced malware can even sense threat defenses and mutate like a biological virus.

Determined hackers, coupled with the expanding adoption of cloud applications and the explosion of mobile workforce devices means that enterprises must find new ways to protect themselves from increasingly sophisticated, malicious attacks. It’s a daunting challenge; where can organizations find a solution to combat threats defined by devices, applications, and users everywhere? The answer can’t be found by looking to the stars. However, if you cast your line of sight toward the clouds, you’ll have a clue as to where you should look for a more innovative enterprise security solution.

The Issue: Evolving Nature of Threats

As network security advances, so does malware. It is more aware and adaptive than ever, looking for new delivery channels and mutating to evade behavior detection. A few examples include:

Virtual machine awareness—An increasing number of attackers are creating malware that can detect when it’s operating in a virtual sandbox environment and can execute techniques to disguise itself.

Polymorphic files and URLs—Malware files can morph and mutate like an infectious virus to escape signature-based detection. Using automated systems, hackers continually change the look of their files and flood these files toward your defenses, hoping one of them will penetrate and begin to operate. Attackers can do similar things with URLs by using domain-generating algorithms (DGAs) to mathematically compute new domains, making it difficult for techniques such as blacklisting to keep pace.

Multistage, multivector attacks—Sophisticated cybercriminals stage multiphase attacks to get through corporate defenses. Hackers select web-based, email, and file-based intrusions, coordinating them to achieve desired results.

Encrypted communication—Because most network security systems are unable to scan encrypted data to detect malware, hackers find it effective to use SSL to build communication tunnels between embedded malware and remote command and control (C&C) servers.

Misleading file types—Malware may masquerade as harmless files. For example, some malware files may pretend to be JPEGs but actually have executable files inside of them. Another malware file can later change itself into an executable (.exe) to unleash the malware inside your network.

User interaction triggers—Malware may pretend to be legitimate, displaying a friendly or familiar looking dialog box that asks users to install some software. When the user allows the installation, the malware goes into operation.   

Unique and targeted malware—Some malware can be incorporated into a targeted “spearfishing” attack. If it’s aimed at you, it will trick you into opening a file by using information specific to you. Once opened, the hackers go after the specific assets they’re looking for.

Enter: the Cloud (or Cloud-Delivered Security) 

Threat defense needs to be reimagined to address not only the sophisticated nature of the threats just described, but also to ensure it aligns with the realities of how organizations are accessing the web and corporate applications. If your workforce is increasingly distributed, with laptops and mobile devices going directly to the internet to access to SaaS applications, cloud-delivered security and threat protection needs to be on your radar. Cloud-delivered security can be easily provisioned to tackle the security and threat protection needs of all of your web traffic. And the benefit of a subscription-based service is that it can easily scaled up or down to meet changing needs. In addition to ease of deployment, you need to make sure it can deliver the top-notch threat prevention you require. A deeper look at Symantec cloud-delivered security service will help you understand why customers consider our solution to be truly enterprise-class. 

The Solution: Symantec Cloud-Delivered Security, Malware Analysis Services  

Symantec Research and Development organization has been busy working to ensure we have strong capabilities to address evolving new attack techniques. We developed a multitiered system that includes advanced analysis techniques to identify and neutralize malware designed to evade detection technology. These techniques block known threats, analyze anything new and unknown, and combat evolved attacks. The entire system is designed to make sure that you get enterprise-class protection while ensuring that false-positives remain extremely low (so precious security and incident response personnel are not wasting time chasing false alarms).

SymantecCloud.png

Web Security Service Leverages the Symantec Global Intelligence Network

Symantec cloud-delivered Web Security Service (WSS) is fed by our global intelligence network (GIN), the world’s premier civilian cyber defense threat intelligence service. The GIN gives your enterprise the ability to filter URLs into granular categories with defined risk scores. The network uses threat information and telemetry data from 15,000 enterprises and 175 million consumer and enterprise endpoints to categorize and analyze threats posed by more than a billion previously unseen and uncategorized websites each day and more than two billion daily emails sent/received by our customers. Symantec’s unique expertise and analytics uses this information to define the “known bad” files and locations your organization should avoid. Web and file access control policies set in the Symantec WSS ensure that the “known bads” stop at your doorstep and don’t harm your company. The Symantec WSS also leverages content analysis capabilities that perform further analysis on risky files using dual malware engines, as well as comparisons against blacklist/whitelist files. 

Symantec Malware Analysis Service

Because it’s extremely difficult for malware authors to evade both virtual and emulative environments, the Symantec Malware Analysis Service works with Symantec WSS to add behavior analysis and sandboxing capabilities for advanced threat detection and prevention. The service uses a powerful combination of emulation and virtualization to identify malicious code. Virtualization takes place in a virtual machine that is a fully licensed version of Windows in which the user can install any application  (Office, Adobe, Quicken, or custom applications). We call it Intelligent VM (iVM). The emulative sandbox environment is not Windows software; it’s a fully recreated computing environment based on a Windows-like API. In this completely controlled artificial space, users can make the malware think it’s interacting with a real computer.

The Cloud Makes it Easy—Give it a Try

The Symantec WSS, along with the integrated Symantec Malware Analysis Service, is designed to give you the protection you need to deal with the rapidly evolving advanced threats that are attacking your network each and every day. Contact us to learn how to use our subscription service can help your enterprise protect your corporate assets. Use Symantec to help you enable your enterprise by reliably passing the “known good” and protect your enterprise by reliably blocking the “known bad” and accurately analyzing the “unknown.” 

Learn more at go.symantec.com/cloudsecurity

Announcing Symantec Cloud Workload Protection

0
0
Securing Enterprise Journeys to the Public Cloud
Twitter カードのスタイル: 
summary

Enterprise adoption of the public cloud is accelerating at a pace even faster than expected. Drivers include tangible benefits such as business agility, cost reduction, and innovation with a growing kaleidoscope of use cases:

 Big Data Analytics

 New Application Development 

 Web Retail Scalability 

 Cloud Bursting Needs

 AI / Machine Learning 

 IoT / Mobile Initiatives

Cloud Security Concerns

During this revolutionary transformation, our customers are demonstrating an urgency to understand their options for building a world-class cloud security program. Along with user protections, these plans often include securing critical data and applications in the cloud. There are three key challenges inherent in accomplishing these goals.

First, CISOs need an accurate accounting of everything happening in their public cloud deployments. To construct this picture, security teams need visibility into instances that are moving in and out of production, along with an incisive view into security postures. Only with a continuous and comprehensive inventory of workloads in use can teams begin to secure them.

Next, the security controls must be proven and highly effective. As a last layer of defense against attackers, controls for operating system and application protection are critical to protect against advanced threats and zero-day exploits.

Finally, security must be integrated into cloud operations. Modern application development best practices require cloud-native security solutions that integrate with DevOps “continuous deployment” workflows. As cloud infrastructure scales to support business agility, security cannot be an after thought and must deploy seamlessly with cloud infrastructure.

Today we are pleased to announce Symantec Cloud Workload Protection, our latest offering for securing enterprise data center migrations into the public cloud. This new offering adds workload security to Symantec’s security portfolio for the cloud generation. Cloud Workload Protection provides elastic security for AWS and Microsoft Azure workloads via cloud-native integration, enabling businesses to enjoy public cloud benefits without worrying about the security and integrity of their brand as they offer new services to their customers.

Symantec Cloud Workload Protection is built to address these security challenges, offering a wide variety of features and benefits to support enterprise journeys to the cloud:

Discovery and Visibility of Public Cloud Workloads

·      Global visibility across AWS and Azure services

·      Automatic identification of workload security postures

·      Real-time visibility into infrastructure changes

Robust Security Across Public Clouds

·      Unique application isolation blocks exploits targeting known and unknown vulnerabilities

·      OS hardening stops zero-day threats

·      Real-time file integrity monitoring (FIM) prevents unauthorized changes

·      Real-time user activity and process monitoring identifies suspicious behaviors

Elastic, Cloud-native Protection

·      Security scales automatically with dynamic cloud infrastructure

·      Cloud-native integration with public cloud platforms enables DevOps to build security directly into application deployment workflows

·      Flexible, metered pricing allows security to expand rapidly with capacity spikes and shrink when workloads are retired to reduce costs

Some of our most important customers are already familiar with the benefits of using Symantec Cloud Workload Protection to protect their public cloud assets. In fact, the CISO of a large consumer packaged goods corporation has the following to say, “Symantec Cloud Workload Protection enables us to leverage the operational efficiencies of the public cloud while ensuring that our rigorous security standards are met.”

To learn more, visit the Symantec Cloud Workload Protection product page.

Also, we encourage you to signup for a free 60-day trial.

 

Symantec and other industry leaders announce expanded Cyber Threat Alliance

0
0
Cybersecurity consortium formally establishes rapid security intelligence sharing system to combat cybercrime and advanced attacks.

続きを読む

Dealing With the ‘New Normal’ in Security

0
0
How Symantec and BT’s partnership will improve security
Blog Feature Image: 
Twitter カードのスタイル: 
summary

BT customers are set to benefit from enhanced cloud security and simplified network administration, following its partnership with Symantec.

The new security perimeter.

Regardless of whether you’re employed within the IT industry, or a customer of it, you’ll be well aware of the massive digital disruptions currently underway. Every day, employees use various devices to access all kinds of applications and data, from any location — day or night. And they’re doing so for both professional and personal use.

This 24/7 reality — with the same person constantly and dynamically moving between employee, individual, and community personas throughout the day — is the ‘new normal’ that IT professionals must deal with.

The threats to your traffic.

While the always-on nature of today’s consumer/employee can bring tremendous productivity benefits for enterprises, it also introduces new risks. Traffic flowing freely over a diverse set of devices, networks and apps dramatically increases the attack surface for hackers and cyber criminals.

In many ways, the new perimeter for enterprises is defined by whatever devices, apps or networks their data touches. This is a huge challenge for organisations with limited budgets and security teams that are already stretched painfully thin.

What to do? Clearly, an encrypt-everywhere strategy to make data inaccessible to the bad guys is part of the answer. We’re seeing this more and more with over 50 per cent of network traffic now encrypted.

This is also true of the majority of web traffic — with the next generation HTTP 2.0 protocol all traffic will require encryption. However, hackers are wise to this trend and have found ways to turn it to their advantage. They’ve found sophisticated ways to hide malware and malicious code in SSL and TLS encrypted traffic to successfully penetrate networks and then extract critical data.

Blinded by encryption.

Many threat detection and prevention systems are blinded by encrypted traffic — they cannot block and defend what they cannot see. And even if they have some limited encryption-visibility capabilities, they are wholly inadequate to deal with the current crop of sophisticated multi-phase and multi-stage attacks. These attacks are designed to launch in discrete encrypted packages, reassemble into malicious code once they pass into the network, and then decrypt and find their way back together to begin an attack.

We are also seeing attackers harness the chaotic, always-on nature of digital users. People who are exercising their devices for personal and professional uses in their alternating daily personas to access data and apps from all types of networks (corporate, airport wi-fi, LTE, etc.) with varying security layers. This sort of environment is ideal to launch multi-phased and multi-staged attacks, penetrating networks over time, masked within encrypted traffic.  

A scalable, learning security platform.

We believe that the solution for this security challenge is an integrated, always-on, encrypted traffic management security service from a global Tier 1 service provider. This managed security service must be built on a cyber-security platform that spans the four essential domains that need to be secured: identity/data, endpoint, network, and application.

This platform must be informed by a global network of real-time threat intelligence that stays ahead of the most advanced cyber criminals. It needs to be able to see into encrypted traffic, and orchestrate anything that appears suspicious to advanced tools for further investigation and remediation. Plus, as a managed service, it needs the horsepower to minimise any performance impacts while the service scales. And all of this has to happen at cloud speed.

A stronger security strategy.

This is the digital transformation journey that Symantec has partnered with BT for. Our joint Hybrid Cloud and SSL Visibility Appliance (VA) service is purpose-built to help organisations of all types and sizes control the web and cloud access of their employees, across all of their regularly interchanging personas.

It can identify sophisticated threats concealed in SSL-encrypted traffic and immediately take steps to block these from causing any harm. Informed by the Symantec Global Intelligence Network, the world’s largest civilian threat intelligence network, it categorises and analyses threats posed by billions of previously unseen websites and customer emails daily.

To find out more about the partnership, and how we’re working to provide the best managed security service, have a read of the details in our press release.

2017年1月最新情报

0
0
电邮恶意软件比例因Necurs僵尸网络停止活动而所有下降。两种新安卓恶意软件浮出水面。

続きを読む

GSS Feature Request: Ghost Solution Suite Web console (recompile the DS 6.9 web console with new .NET)

0
0

Deployment Solution 6.9 (the technology on which GSS 3.x is based) included a web console for triggering remote actions. It is possible to run the full console installed remotely but this can sometimes cause a performance issue over slow links. The web console solves this issue by providing a cut down set of capabilities accessible from a browser.

With GSS 3.0 we did not include the web console due to it requiring a lot of effort to refresh it, including recompiling it with a new .NET version so that it can run on server versions above Windows Server 2008. This feature is about bringing back the web console and supporting it with GSS 3.0.

The alternative option is to build a new remote access console, possibly built in the cloud, that will fully replace the existing console. This will clearly be more effort but will bring us closer to our vision of refreshing the GSS UI with modern technology.

Please respond to this feature with your support for this feature or any input you feel might help.

This blog will be updated as we further develop this feature request.

Symantec Cloud Security Platform - Unifying a Fragmented Security Infrastructure

0
0
Twitter カードのスタイル: 
summary

Cloud security is many things. It can secure your mobile workers and remote offices. It can reach into your Office 365 and SaaS cloud apps to monitor user behaviors and analyze content for potential compliance issues. It can filter your email to keep you free from spam and protect you from threats. It can host your endpoint security console. Cloud security can do all this and more – But it’s not easy.

Cloud security has grown up in narrow segments focused on different subsets of cloud security issues, including CASB, access security, email security, solutions for AWS and Azure, and endpoint protection managed in the cloud. But, as the segments grow, vendors are asked to build extremely advanced capabilities in very complex areas like data security, threat protection, and encryption. When robust enterprise requirements are handed to startup vendors in new spaces, you have three big problems: 

  1. Minimally viable products that don’t serve the need of an enterprise;
  2. Lack of integration across different cloud segments, and;
  3. Lack of integration with the enterprise’s existing security infrastructure.

The result? Customers stitch together a patchwork of vendors and minimally viable services in critical security areas. They ask their startup access security vendor for CASB security, but are told to buy it across the street. Then, they realize that each startup has its own home-grown approach to threat protection and its own DLP. It’s hard to tell if it’s any good, but it sure doesn’t work together – or with their email security or endpoint technology. It’s almost impossible to purchase, deploy, and effectively operate. It leaves them exposed as they try to embrace the cloud. But that confused state does not need to stand.

Symantec Cloud Security Platform

Symantec has driven to fulfill a security vision for the Cloud Generation. In a world of fragmented security infrastructure, Symantec is focused on unifying cloud and traditional on-prem environments, to integrate critical security and compliance services to protect users and organizational data everywhere. Even extending beyond our own capabilities through a robust, open platform and partnerships.  

SymantecCloudSecurity.png

Symantec has acquired aggressively to add best in class technologies for Web and Internet Access Security, CASB and email. We’ve driven integration ruthlessly – focusing on streamlining the deployment and operation of our services, driving market leading DLP across all cloud properties, deploying advanced threat protection in all cloud segments, and integrating the collective intelligence across all those segments with our Global Intelligence Threat Network. We’ve simplified the extension of your security and compliance policies to the cloud. And we’re driving innovation for beyond tomorrow. Here are just a couple highlights of recent releases.

Securing Users and Data Beyond Traditional Borders

  • New Integration of Symantec DLP into our Web Security Services. Now one DLP policy extends across cloud-delivered email security, CASB security, Web/Internet Access Security, as well as on-premise DLP.
  • New Malware Analysis Advanced Services on Web Security Service (Dec ‘16). Completes the deployment of advanced threat detection technologies within each cloud segment, tied together by our Global Intelligence Network and the largest civilian threat research team in the world.

Securing Public Cloud Infrastructure and Platform as a Service (IaaS and PaaS)

  • New Cloud Workload Protection to Secure Containers and Workloads in MSFT Azure and Amazon Web Services. Monitors application workloads and processes to protect applications from unknown exploits and prevents unsanctioned application deployments.
  • Newly Available ProxySG and Web Application Firewall on AWS. Delivers critical protections for web applications on public cloud infrastructure. The innovative approach enables activity policy enforcement and efficient operations to overcome the failures of the WAF industry due to complexity.
  • New CASB Securlet for MSFT Azure PaaS (already available for AWS). Provides detailed user activity logging, account breach detection, automated incident response actions and investigation tools to navigate incidents.

Inspired, United, Ignited: Symantec’s Corporate Responsibility Champions

0
0
Clarissa De Agrela, Website Security Solutions, SSE Site Coordinator at Symantec
Publish to Facebook: 
No

From increasing the diversity of our workforce and industry to reducing our environmental impacts to empowering our communities through philanthropic investments and volunteering, corporate responsibility (CR) touches every aspect of Symantec’s business. We’ve defined our strategy and are continually working towards our goals to operate as a responsible global citizen.

In addition to our dedicated global corporate responsibility team, every day Symantec employees across countries and business units collaborate to deliver on our mission of protecting our customers, our communities and our planet.

We are happy to feature a quarterly series – Inspired, United, Ignited: Symantec’s Corporate Responsibility Champions- that profiles stand out examples of our how our employees directly contribute to the implementation of our CR strategy. Some are leaders in our CR team, members of our Green Teams or champions for our employee resource groups, others are innovating to address needs in their function or region. All are inspiring others, uniting communities and igniting change to make Symantec a leading corporate citizen and to make our world a safer place.

Today we highlight Clarissa De Agrela, Website Security Solutions and SSE Site Coordinator at Symantec Cape Town, South Africa.

  1. Please describe how your role supports Symantec's Corporate Responsibility initiatives and strategy – both globally and within your region?

As the Site Coordinator for Symantec’s Cape Town office, my primary responsibility is ensure we have an Emergency Response and Evacuation (ERE) team in place, enough coverage as we are a growing location that works around the clock, and that we are prepared for emergencies with the supplies needed (e.g. first aid kits placed around the building, among others).  

Additionally my responsibilities include:

  • Coordination of annual evacuation drills (which is coordinated by our facilities team)
  • Ensure recruitment and training schedules are developed, implemented and rolled out. For example, Should members of our ERE team leave the organization, certificates expire, or if we expand and require additional recruits, an email is sent to the entire location giving everyone the opportunity to apply to either be a Fire Warden or a First Aider.
  • Coordination of ERE program inquiries and recruiting requests
  • Screening of interested ERE members
  • Coordination of ERE team resources
  • Maintenance of training records
  • Attendance at ERE program meetings
  • Inventory and ordering of program supplies within budget allocation

Additionally, I have taken on the responsibility of running all employee resource groups (ERG) at our location. When I began at Symantec, the Events Committee and Community Relations Committee were our two primary groups for coordinating employee participation. We then formalized these and added the Symantec Women’s Action Network (SWAN) Committee and the Symantec Black Employee Resource (SYBER) Committee.

With these employee resource groups (ERGs) in place it has helped Cape Town expand and deepen its community relations participation and efforts, build a unique local culture, drive diversity and inclusion, as well as have fun while we all work towards meeting business goals.

Furthermore, Cape Town ERGs contribute to Symantec’s global network of ERGs and play an important role in delivering on Symantec’s diversity and inclusion strategies. ERGs help build cultural awareness, provide a sense of belonging for employees, serve as ambassadors in the broader community by volunteering and advocating on issues, and foster innovation to support the growth of Symantec's business.

  1. How did you move into this role? Was it due to a personal passion/interest, development opportunity, project opportunity?

I began my career at Symantec as a sales representative, however, nine months ago I took on the Site Coordinator role as additional responsibility and now have a dual role. When I became the Site Coordinator, part of my responsibility was to manage the ERE team. At this time, the majority of our First Aiders and Fire Wardens certificates were about to expire and we were lacking sufficient members as our location had expanded rapidly over the years.

In October 2016, I began recruiting for the ERE team as we required additional Fire Wardens and First Aiders. To my surprise, we had an overwhelming response as to how many people actually wanted to volunteer. 50+ people volunteered and we now have 19 First Aiders and 20 Fire Wardens.

  1. What advice would you give to encourage employees to become involved in corporate responsibility at their company? Especially those that may not feel their knowledge/skills are relevant, or understand how corporate responsibility relates to what they do?

Whether it is celebrating Women’s Month, rewarding those that go out of their way to contribute, or simply coming together to celebrate seasonal holidays, in Cape Town we go out of our way to foster a winning, dynamic, diverse and inclusive culture. Additionally, from community volunteering to local sporting events, we strive to offer a diverse array of events providing a chance for each person to become involved.

One thing I have learned in my dual role is that taking the first step to get involved is often the hardest part. While everyone has limited time, varying interests, and different passions there is always a way to become involved. Do you work better in groups or alone? Are there opportunities in your current role or region to support corporate responsibility? Do you want to connect with colleagues from similar backgrounds or do you have a passion for giving back? If your office does not offer an opportunity that matches your interests, how can you start your own initiative?

Thank you Clarissa for all of your hard work!

シマンテックなど業界大手 6 社、サイバー脅威アライアンスの拡充を発表

0
0
サイバーセキュリティの業界団体であるサイバー脅威アライアンスは、セキュリティインテリジェンスを迅速に共有してサイバー犯罪や高度な攻撃に対抗する体制を公式に発表しました。

続きを読む

赛门铁克和其他业界领袖宣布扩大网络威胁联盟规模

0
0
网络安全联盟正式建立安全情报快速共享系统,以打击网络犯罪和高端网络攻击。

続きを読む

2017 年 1 月の最新インテリジェンス

0
0
Necurs ボットネットの活動が停滞したためにメールマルウェアの比率は減少しましたが、Android では 2 つのマルウェアファミリーが新しく出現しました。

続きを読む

New Research: Healthcare Organizations Bolstering Cybersecurity Budgets and Resources, but Significant Challenges Remain

0
0
Publish to Facebook: 
No
Twitter カードのスタイル: 
summary

Today, Symantec and HIMSS Analytics announced the results of our second annual HIMSS Analytics IT Security & Risk Management Study, which examines where healthcare organizations stand with their investments and efforts to strengthen their security postures.  We also developed an infographic that summarizes the research findings.

Some of the highlights:    

  • The number of employees allocated to IT security is starting to rise
  • More organizations are adopting established cybersecurity frameworks
  • Additionally, two-thirds of organizations have a dedicated full-time chief information security officer, who most often reports to the chief information officer – showing increased focus at the top

But, significant challenges still remain:

  • More than half of respondents have been subjected to at least one external cyber-attack in the last 12 months – and we suspect that number is actually much higher
  • IT security budgets have increased since 2015, but still tend to be six percent or less of the overall IT budget
  • And, despite increases to security staffs and budgets, organizations say they remain the biggest barriers to improving confidence in security programs
  • Why?  A disconnect between the “business” and IT sides of healthcare may be to blame.  On average, clinical and business respondents report much higher confidence in their organization’s cyber-attack preparedness than their IT and security counterparts

I’ll be doing a deep dive on the study findings at HIMSS next week, each day (Feb. 20-22) in our booth (#1733) at 11:30 a.m.  I will also present on the study findings in the HIMSS Analytics booth (#2133) at 2 p.m. on Monday, Feb. 20.  We also encourage HIMSS attendees to check out our other sessions with some of our top healthcare cybersecurity experts.

These are challenging times in healthcare cybersecurity, but we look forward to gathering at HIMSS to discuss how we can work together to develop integrated cyber defenses that protect critical healthcare information and systems, and support patient care. 

Viewing all 5094 articles
Browse latest View live




Latest Images