Anner Kushnir, VP of Technology at AlgoSec, looks at how the DevOps process can become more agile and more secure using a ‘connectivity as code’ methodology DevOps is all about agility, with fast, short delivery cycles and automation for software development and applications. Enabled by recently-introduced technologies such as virtualization, cloud and SDN, spinning up new servers, provisioning storage in a public or private cloud or even launching whole environments can take just minutes or even seconds. But if that new application, service or environment needs a change in network connectivity or firewall rules to enable it to work, then…
ISBuzz Team
In response to the news that Butlins has confirmed that the records of up to 34,000 guests have been accessed by hackers, IT security experts commented below. Rob Shapland, Principle Cyber Security Engineer at Falanx: “Although no credit card data was compromised, the personal data stolen from Butlin’s could be very useful for criminals conducting identity theft. Guests should be very concerned about this breach, especially those with future holiday dates already booked. The criminals will now know home addresses, and the dates those people will be on holiday, meaning they can target properties when they know they will be empty. The reputational…
In response to the precedent being set with the distribution of the Fortnite for Android app outside of the Google Play story, two experts with OneSpan offer perspective on the potential implications for banks and others relying on mobile channels for consumer transactions, as well as potential next moves the industry could take in reaction. Samuel Bakken, Senior Product Marketing Manager at OneSpan: “Just months ago, fake Fortnite apps for Android were running rampant outside of Google Play, and it’s now confirmed that Epic will not distribute the Android version of its Fortnite app on the Google Play store but instead will force Android users to…
Following the news of a Meltdown flaw in Samsung Galaxy 7 devices, Ian Andrews commented below about what organisations can learn from this vulnerability. Ian Andrews, Vice President, Products at Pivotal: “The complexity that the typical enterprise faces to defend themselves against data breaches and compromise is overwhelming. The meltdown vulnerability now being exploited in mobile devices only proves the point that no layer of the technology stack is permanently safe. The only way to address this is to build an organisation that is prepared for change. The days of celebrating a server OS running for months or years are…
Emma’s Diary, has been fined £140,000 after it was accused of illegally collecting data and selling it on for use by the Labour Party, Stephen Walsh, Sr Director, Security at CA Technologies commented below. Stephen Walsh, Sr Director, Security at CA Technologies: “It is understandable that organisations want to drive value from their data in the new digital economy. In fact, the 2018 Digital Trust Index found that the majority of UK organisations admit to using consumer data internally, while 47 percent of business executives admit their organisation sells consumer data – including personally identifiable information – to other organisations and business partners. However, consumers are…
IBM unveiled an experiment at the Black Hat event in Las Vegas where a new genre of AI techniques are set to take hacking to a new level, by building hacking programs that could slip past top-tier defence measures. Ilia Kolochenko, CEO at High-Tech Bridge: “We are still pretty far from AI/ML hacking technologies that can outperform the brain of a criminal hacker. Of course, cybercriminals are already actively using machine learning and big data technologies to increase their overall effectiveness and efficiency. But, it will not invent any substantially new hacking techniques or something beyond a new vector of exploitation…
The Cyber Threatscape Report 2018 released by Accenture, predicts a broadening of cyber attacks against global supply chains as cyber-criminals, espionage and hacktivist groups continue to target supply chains and the strategic business partners for monetary, strategic and political gain. Matan Or-El, Co-founder and CEO at Panorays: “Accenture has recognized the rising threat of the supply chain. In fact, this past year has demonstrated that attackers are increasingly going after the organization’s weak spot – their suppliers – as an easier way to get into an organization. While evaluating the security risk emanating from a supplier, it’s important to understand…
A newly discovered WhatsApp exploit is letting hackers intercept and manipulate messages sent in private and group conversations. Kevin Bocek, Chief Cybersecurity Strategist at Venafi: “The issue of WhatsApp chats being spoofed highlights a huge problem for the future: we have to be able to trust that our smartphones and the clouds that run them – machines that work around the clock for us – are secure and the Internet is trusted and private. It’s so easy to imagine how being able to imitate our friends and family members like this could cause havoc and enable bad guys to trick…
In light of the news that SEAT has begun roll-out of Amazon Alexa in its new Leon and Ateca models, please find below comment from David Emm, Principal Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab: “Installing Amazon Alexa in cars offers new opportunities, but it also adds security issues. Everyone wants to enjoy the convenience of new gadgets, but there needs to be a compromise between convenience and security. This new technology represents a proliferation of devices holding and sending/receiving personal data, so car manufacturers need to ensure that this technology is secure. “Since the…
According to a new report from the Office of National Statistics, 26 percent of smartphone users do not use smartphone security. In response to the news, please see below comments from security experts at Imperva, Synopsys, Outpost24, Cybereason and ESET: Terry Ray, CTO at Imperva: “Technically, just having a password on your phone could be construed as smartphone security. There are smartphone users that consider a password, thumbprint or facial recognition security enough, and then there are those who would look for additional software controls that monitor the phone’s internal activity as evidence of smartphone security. The threat to a…