Linux is widely considered to provide a higher level of security than traditional operating systems.
As a result, security tools such as anti-virus software are often ignored on the Linux platform.
However, Linux is increasingly popular with attackers, because Linux systems are often used for critical roles such as developer workstations, web servers and internal file servers.
A new study from the Centre for Economics and Business Research (CEBR) has found that data breaches are costing UK businesses £34 billion a year. The report suggests this is made up of £18 billion in lost revenue and £16 billion in added security measures after breaches have occurred.
It’s the same the world over. According to a 2015 Ponemon Institute study commissioned by IBM, the global average cost of a data breach to an organization has reached $3.8 million – on average, $154 for every single compromised record. It’s significantly higher in the US and Germany, where the costs are $217 and $211 per compromised record, respectively. These are quite staggering figures.
Now, it’s not uncommon for companies who sell cybersecurity services like IBM and Sophos to talk big numbers like this. After all, clearly we think it’s good to see businesses are investing in doing something about this problem. But you do have to wonder if those billions are being spent effectively. As leaders in the security industry, we have a crucial role to play to ensure they are. We need to deal with the growing complexity of threats without introducing more complex solutions, and cost.
Recently we asked a bunch of IT professionals if they install antivirus on their servers. Their answers were quite surprising.
Out of 486 IT professionals we surveyed, only 284 (58%) said they run antivirus on both Windows and Linux servers.
The rest said they either don’t bother with antivirus on Linux servers (34%), or don’t run antivirus on any servers at all (8%).
If you couldn’t make it to San Francisco for RSA Conference, we’re bringing you great content and news from the event on our blogs and social media channels.
We also broadcasted from RSA via podcast – bringing you the expert opinions of our top security gurus, who took time away from their presentations and booth talks to reflect on the interesting themes and serious discussions happening at the conference.
There’s so much going on in the security world, and Sophos experts cut through the noise succinctly and intelligently in our (brief, informative, fun) podcasts.
We are well into the 21st century, but it is astonishing how people can still believe that Linux-based operating systems are completely secure. Indeed, “Linux” and “security” are two words that you rarely see together.
Just as some people believe Macs are immune to viruses, some Linux users have the same misconception – and who can blame them? After all, vendors have been telling them that for years.
In 2012, after an exponential rise of OS X malware (such as MacDefender and Flashback), Apple decided to change its homepage by removing sentences like “It doesn’t get PC viruses.”
In the last couple of days, a widespread Linux vulnerability known as GHOST has been receiving a lot of attention in the security community. In theory, this vulnerability can allow an attacker to remotely execute code on a Linux computer. There is already proof of concept code that puts this theory into practice, and it is expected that real world attacks are just around the corner.
The Sophos product teams have been thoroughly investigating to determine which of our products are affected and what is necessary to address those that are.
A type of data-stealing malware called Vawtrak is spreading in countries around the world, controlling thousands of computers while silently draining the bank accounts of its victims.
Analysis of the malware by James Wyke, Senior Threat Researcher with SophosLabs UK, indicates that the people behind Vawtrak are targeting banks and other companies in a very methodical way in a number of countries, including some that aren’t commonly targeted by banking malware.
In his fascinating new research paper on the subject, Vawtrak – International Crimeware-as-a-Service, James enlightens us about the mechanics of this cybercriminal enterprise, and the steps taken by this crafty and deceptive malware as it steals account details and transaction tokens directly from victims when they visit the websites of their financial institutions.