Top C-suite executives from the likes of Airbnb, PayPal and Spotify have recently revealed they have willingly spent more than $50m (£38m) on ethical hackers to tighten up their cyber defences and avoid expensive and disastrous data breaches. Whilst it may seem unreasonable to hire hackers, a growing number of high-profile businesses are now turning to ethical hackers to hack into their organisation, to spot vulnerabilities and test how robust their security systems are. https://twitter.com/morodog/status/1123951797155004416 Expert Comments: David Warburton, Senior Threat Evangelist at F5 Networks: “While it may sound counter-intuitive to make use of hackers to help plan and test our cyber defences, the one thing they have in…
ISBuzz Team
Microsoft’s security chief has urged people to ditch passwords and adopt biometric technology. https://twitter.com/TravisMorleyLaw/status/1124992375712100352 Karl Barton, International Channels and Alliances at SecureAuth: “Our continued reliance on passwords is not sustainable and ultimately fails users. Experience shows us that passwords are an archaic method of authentication, are no longer enough against today’s threat landscape and are not user convenient. The reality is that people will continue to reuse passwords across multiple resources – despite advice against this – allowing stolen credentials to have far reaching consequences. Biometrics is taking an increasing role in security as it can have the dual benefits of…
In celebration of World Password Day, it was reported that hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords. The systems set the price of the gas, process card payments and monitor the amount of fuel stored in a gas station’s tanks as well as their temperature and pressure. That being said, access to these systems would allow anyone to have a field day with the capabilities of the software. https://twitter.com/usamaofkarachi/status/1124055479141924864 Carl Wright, CCO at AttackIQ: “Insecure software development and insufficient use of security best practices are creating significant shared risk for both consumers and commercial organizations. …
Following the news that Microsoft’s security chief has urged people to ditch passwords and adopt biometric technology, David Kennerley, Director of Threat Research at Webroot, who believes that biometrics aren’t a cure-all solution, commented below. David Kennerley, Director of Threat Research at Webroot: “The security industry is no stranger to hype, and we should be wary of rushing to consign passwords to the history books. Fingerprints, voice and facial recognition are increasingly being touted as go-to methods for securing devices and services. However, they are also a risk in themselves. Hackers have successfully used face masks to access the iPhone X, and, recently,…
While reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date, according to new OneTrust and IAPP research. https://twitter.com/morodog/status/1123852893826813953 Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG: “GDPR ‘raised the bar’ for data privacy awareness for companies in the US because the regulation put privacy controls in the hands of the consumer. CCPA is similar in this regard, as the law will require organizations to provide consumers with legal ‘rights’ based on the data collected. Organizations must offer data protection for personal information, and be…
Please find below a comment from David Orme, SVP at IDEX Biometrics, in response to today’s news that Philip Hammond has ditched plans to scrap 1p and 2p coins as part of plans to stop the UK going cashless. In this comment, David argues that the future is cashless, but that banks, with Government support, need to do more to ensure those who rely heavily on cash are supported through the move towards a cashless future. David Orme, Senior Vice President at IDEX Biometrics: “The news today that Philip Hammond has ditched plans to scrap 1p and 2p coins as part of plans to stop the…
It has been reported that the U.S. Department of Homeland Security (DHS) this week issued a new Binding Operational Directive (BOD) instructing federal agencies and departments to act more quickly when it comes to patching serious vulnerabilities in internet-exposed systems. Specifically, BOD 19-02 gives government organisations 15 days to address critical vulnerabilities and 30 days for high-severity flaws. The countdown starts when a vulnerability was initially detected, rather than when it was first reported to agencies. Internet-exposed government systems undergo Cyber Hygiene scanning to help agencies identify vulnerabilities. James Hayes, Vice President of Global Government Affairs at Tenable: “Earlier this week the U.S. Department of Homeland Security…
According to the Global Risk Report by the World Economic Forum, the threat of cyberattacks is now among the top three global fears identified by world economic leaders, along with natural disasters and terrorism. Such concerns are clearly warranted, as research from Juniper suggests that cyber breaches will cost businesses a collective $2 trillion in 2019 alone. As the threats multiply and grow more complex with increasingly burdensome consequences, many organizations remain in constant search of new tools, technologies and best practices to reduce risk. This is especially true for email security and phishing mitigation, as email remains the primary attack vector, with…
It has been reported that President Trump issued an executive order on Thursday that introduces new initiatives and expands existing national efforts aimed to “grow and strengthen” America’s cyber workforce. In response to the news, IT security experts commented below. Laurie Mercer, Security Engineer at HackerOne: “Any company that has tried to hire cybersecurity talent in the past 12 months will know that there is an acute shortage of security skills. It’s good news for those with the skills that the US government is willing to go above and beyond in terms of offering competitive compensation for those with the skills. However, it’s this…
Barracuda Networks’ researchers found that more than 1.5 million malicious and spam emails were delivered in a single month, March 2019, by threat actors using roughly 4,000 accounts compromised via ATO. https://twitter.com/GRComputers/status/1123861779396923393 Expert Comments: Corin Imai, Senior Security Advisor at DomainTools: “The most important thing to remember in light of the percentage of Office 365 compromised by ATO attacks is that even known senders should not be trusted by default. Barracuda Networks’ findings should come as a reminder that we are all likely to receive at least some form of phishing email in our inbox, and that caution is a…
