The UK government has just published its first attempt at setting a minimum cyber security standard for public sector organisations, called the Minimum Cyber Security Standard (MCSS), which will be incorporated into the Government Functional Standard for Security. Peter Batchelor, Director at Skybox Security, argues that although this might initially look like progress, the document is ambiguous in its design and departments need more guidance to achieve the best cybersecurity standards. Peter Batchelor, Director at Skybox Security: “The Government’s new Minimum Cyber Security Standard (MCSS) is a vital move towards improving the security of public sector organisations. However, it is unfortunate that it…
ISBuzz Team
With the GDPR deadline now passed, the sigh of relief from IT departments up and down the country was almost audible. IT teams were thrown the challenge of working out what was needed to meet the GDPR guidelines as it was thought to be a security issue. It swiftly became apparent, however, that it was a people and process issue and not a technology one. So IT passed the buck on to the legal, HR and finance departments. But as companies gained a handle on the policies and procedures they needed it quickly became apparent the IT department would be…
Cybercriminals looking to make a profit are turning their attention towards an industry known for housing sensitive consumer data with weak security protocols: healthcare. In April of 2018, Utah-based company HealthEquity reported 23,000 accounts were compromised in a data breach when an employee fell for a phishing scheme. As a result of human error, information like employee names, deduction amounts and social security numbers were exposed. The HealthEquity breach is hardly an isolated incident in healthcare. A former employee, for example, was caught inappropriately accessing the medical records of 29,000 patients at SSM Health in St. Louis, Missouri. In Chicago,…
Although they acknowledge the rising risks of connectivity, many industrial organisations are failing to put practical steps in place to improve the security of their operational technology. The trend for digitalisation, including increased connectivity and IoT, is growing among industrial organisations such as power plants, manufacturers, and water treatment centers, which rely on industrial control systems (ICS) for their operations. It’s a trend that comes with acknowledged cybersecurity dangers – 65% of companies believe that ICS security risks are more likely with IoT. Yet, Kaspersky Lab has also unearthed a contradiction among the industrial community. The company has found that…
The NHS is set to launch its own mobile app to put patients in touch directly with GPs. The app will allow users to book appointments, order repeat prescriptions and see their medical files held by the surgery. Robin Tombs, Founder and CEO at Yoti commented below. Robin Tombs, Founder and CEO at Yoti: “Improving the efficiency of the NHS with smartphone technology is win/win for GPs and patients, especially as more of our daily lives are carried out online. While convenience and usability are key to any service, privacy and security must be core to the app due to the sensitive personal nature of healthcare…
Four in 10 UK CEOs believe becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’ for their organisation, according to a survey of CEOs from some of Britain’s biggest businesses. KPMG surveyed 150 UK leaders and a further 1,150 CEOs from across the world about their future investment plans and the challenges and opportunities facing their companies. Commenting on the news are the following security professionals. Javvad Malik, Security Advocate at AlienVault: “Being attacked, or targeted in a cyber-attack is unfortunately one of the costs of doing online business in today’s connected world.…
WatchGuard’s Q1 2018 Internet Security Report reveals a rise in crypto-miner attacks and geographically targeted malware campaigns. WatchGuard® Technologies’ latest Internet Security Report reveals that 98.8 percent of seemingly common Linux/Downloader malware variants in Q1 2018 were actually designed to deliver a popular Linux-based cryptocurrency miner. This is just one of several signs that malicious crypto-mining malware is becoming a top tactic among cyber criminals. The report details delivery mechanisms for these crypto-miner attacks and explores other prevalent security threats targeting small to medium sized businesses (SMBs) and distributed enterprises. The findings are based on anonymised threat intelligence from nearly 40,000 active WatchGuard UTM appliances worldwide, which blocked more than 23 million malware variants (628 per device) and over 10 million network attacks (278 per device) in Q1 2018. “Our Threat Lab team has uncovered multiple indicators that suggest…
Technology industry executives commented this morning as part of our security experts comments series on the California Consumer Privacy Act of 2018 that was passed yesterday. Pravin Kothari, CEO at CipherCloud: “The trend in data privacy is not your friend right now. In the wake of the newly enacted General Data Protection Regulation in the European Union that just went into effect in May, and in the shadow of the pending U.S. Cloud Act and the U.S. Encrypt Act, California’s new regulation sets the bar higher than ever before for U.S. companies. It is pretty clear that companies doing business in the…
In response to the news that a cut in cash machine fees has prompted fresh rows, David Orme, SVP at IDEX, comments on how this will move the UK further towards a cashless society with added support from biometric payment solutions. David Orme, Senior Vice President at IDEX: “The news that hundreds of ATMs are likely to close, following a reduction in fees for cash withdrawals over the next four years, highlights the fact that we are swiftly moving towards a cashless society. Whilst the cost to operators per cash withdrawal has been reduced, this is not sustainable…
Hackers have exploited a web application vulnerability on a FastBooking server to install malware and pilfer data – such as names, email addresses, booking information and payment card data – on guests at hundreds of hotels. Mark Noctor, VP EMEA at Arxan Technologies, comments on this latest breach and explains just how risky application vulnerabilities are for a business. Mark Noctor, VP EMEA at Arxan Technologies: “This most recent exploited web app vulnerability is not a huge surprise to us, yet most people do not realise just how many vulnerable applications exist. Even yesterday’s Gartner report on Application Shielding highlighted that, within…
