New research has revealed that fewer than half of firms are able to detect IoT breaches. Only 48% of European firms can detect when any of their internet-connected devices have been breached, a survey shows. In the UK, this figure drops to 42%, the second lowest in Europe after France, where only 36% of companies polled said they can detect if any of the devices making up their internet of things (IoT) suffers a breach, according to the study. It goes on to suggest blockchain as a means of securing the IoT. Expert Comments below: Barry Shteiman, VP Research and…
ISBuzz Team
So MPs have voted against Theresa May’s deal, and the EU is ruling out reopening the agreement, making a no-deal Brexit more likely than ever – what does this mean for the sharing of data? Hint – It’s not good! Expert Comments below: Chris Combemale, CEO at DMA: “In the wake of today’s no vote in Parliament, it is imperative that the Government formulate a plan B and avoid a no-deal Brexit at all costs. A no-deal Brexit would create severe uncertainty for the data and marketing sector and could potentially bring EU to UK data flows to a halt. This would have further…
It was recently reported that Voipo, a Lake Forest, California-based communications provider, left a database containing seven million call logs, six million text messages and other internal documents containing unencrypted passwords exposed without a password. The database had been exposed since June 2018 and contains call and message logs dating back to May 2015. Just like last year’s Voxox breach, any intercepted text messages containing 2FA codes or password reset links could have allowed the attacker to hijack a user’s account. Expert Comments below: Stephan Chenette, CTO and Co-founder at AttackIQ: “It does not take much for outsiders to find unsecured databases…
An attacker could get free rein over buildings by exploiting the unpatched flaws to create fraudulent badges and disable building locks. Tenable®, Inc., the Cyber Exposure company, today announced that Tenable Research has discovered several zero-day vulnerabilities in the PremiSys™ access control system developed by IDenticard. When exploited, the most severe vulnerability would give an attacker unfettered access to the badge system database, allowing him/her to covertly enter buildings by creating fraudulent badges and disabling building locks. According to its website, IDenticard has tens of thousands of customers around the world, including Fortune 500 companies, K-12 schools, universities, medical centres and government…
While CISOs and security teams have been doing their best to find creative solutions to the never-ending security talent shortage, the industry continues to struggle to meet the current and future demand. A Cisco report pegged the number of unfilled cybersecurity jobs in 2019 at 1.5 million. Nimmy Reichenberg, CMO at cyber security company Siemplify, says, “Many have hired IT professionals and set up training programs to provide them with cybersecurity skills, and while this stopgap approach provides some relief, it is in no way a silver bullet. The greatest challenge lies in hiring experienced security professionals, and those can’t be created overnight. You can’t just…
There’s an inconvenient truth in the business community. As many business decision-makers are only too aware, hardly a week seems to go by without a data breach of some form being reported to press, and this year alone has witnessed some major breaches which have affected thousands of people around the world. Just take a look at the stats. In October last year, DNA testing firm MyHeritage suffered a breach affecting 92 million people. Fast forward to March this year, and we learnt that the data of 87 million Facebook users had been shared. Then in June, Ticketmaster revealed that the login information, payment data, addresses,…
A recent deep dive by The Wall Street Journal reconstructs the worst hack into the US power systems, revealing attacks on hundreds of small contractors. Rather than strike the utilities head on, the hackers went after hundreds of contractors and sub-contractors and worked their way up the supply chain. Industry experts have said that Russian government hackers likely remain inside some systems undetected. Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks: “Recent reporting that deconstructs long-term hacking campaigns by sophisticated hacking groups like Dragonfly and Energetic Bear demonstrates some of the successful tactics used against utility companies in an attempt to hack…
With the excessive amounts of data circulating in today’s modern organizations, the importance of finding a perfect storage solution that can safeguard data is deemed more imperative than ever. As data generation shows no signs of slowing down, it’s necessary to realize and accept that neither backup alone nor cloud alone will likely be a sufficient storage and disaster recovery plan to protect all that data. Moving forward, companies will need to find a perfect balance between cloud and on-premises storage to fit their unique needs. When Disaster Strikes… Organizations are storing and retaining more information each day than ever before. In…
Another huge leak of government information – a huge amount, 3 terabytes, of unprotected data from the Oklahoma Securities Commission was uncovered by Greg Pollock, a researcher with cybersecurity firm UpGuard. It amounted to millions of files, many on sensitive FBI investigations, all of which were left wide open on a server with no password, accessible to anyone with an internet connection. Expert Comments below: Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi: “Sensitive data is often shared in vulnerable places, so Oklahoma’s potential breach of 3TB of FBI data isn’t especially shocking. However, if we examine securities.ok.gov, it appears that the state…
In response to news that 200 million Chinese resumes were exposed in a MongoDB database leak and there are indications the data was accessed at least a dozen times, experts with OneSpan and Cequence offer perspective. Franklyn Jones, CMO at Cequence: “It’s unusual for data breaches to yield such a rich set of data on individuals. Unfortunately, it provides fraudsters with the ability to acquire these stolen records on the dark web, then use automated bots for the purpose of synthetic account creation. Their goal might include using stolen IDs to establish a new line of credit, for example, which can lead to identity theft…
