14% of UK respondents regard Brexit as single greatest business risk, but only 4% say the same about poor information security
One third of global business decision makers report that their organisation would try to cut costs by considering paying a ransom demand from a hacker rather than invest in information security. In the UK, this figure drops to a fifth (21 per cent) of respondents. The findings from the 2018 Risk:Value Report, commissioned by NTT Security, the specialised security company of NTT Group, show that another 30 per cent in the UK are not sure if they would pay or not, suggesting that only…
ISBuzz Team
Privacy expectations are escalating as we enter the “fifth generation of data security”. At the same time, large-scale multi-vector cyber threats are evolving faster than ever. With the advent of GDPR, we’ve reached a perfect storm for data protection. The default shorthand to describe GDPR is a “game changer for data privacy and security”. But, with its roots in a 19th century law essay as well as more recent directives, the arrival of this type of regulation should come as a surprise to very few. GDPR may, and probably will, prove to be game changing. With its lofty aim to…
Thousands of G Suite users using Google Groups have been exposing sensitive information through misconfigured Google Groups instances. Google has issued an official warning to users, after security researchers at Kenna Security found the leaks. Alex Calic, Chief Strategy and Revenue Officer at The Media Trust commented below. Alex Calic, Chief Strategy and Revenue Officer at The Media Trust: “Apart from the fact that the misconfiguration issue could have been easily avoided, another alarming issue with the Google Groups situation is that companies appear to be sharing highly sensitive information. This is a symptom of the absence of robust policies–and processes…
It didn’t stop with Cambridge Analytica. Over the weekend, the New York Times exposed the fact that Facebook gave device makers deep access to data on users and their friends. Rich Campagna, CMO at Bitglass commented below. Rich Campagna, CMO at Bitglass: “The news that device makers have been granted deep access to user data on Facebook serves as a reminder that data security risks can arise from malicious actors as well as other parties. With so many companies instituting bring your own device policies and allowing employees (who are often Facebook users) to access corporate information from their personal devices, it’s…
Google’s reCaptcha, used to identify human customers, can be subverted by automation through HTTP parameter pollution, according to security researcher Andres Riancho, who discovered the problem. Ryan Wilk, VP of Customer Success at NuData Security commented below. Ryan Wilk, VP of Customer Success at NuData Security: “As the saying goes, you cannot judge a book by its cover, but you can judge a captcha by its provider. The use of automated tools to commit Account Takeover (ATO) and create fraudulent accounts on a massive scale is growing. To stop this, many companies are using “freeware” captcha tools. The problem with…
New report shows that cybercriminals are concentrating their efforts on banks, government, and healthcare
In a new report, Web Application Attacks Statistics 2017, Positive Technologies describes how vulnerabilities in web applications have enabled hackers to damage diplomatic relations, access lists of patients at plastic surgery clinics, steal enormous sums from cryptocurrency exchanges, and perform other far-reaching attacks. The most common types of attacks remained the same in 2017 as previous years, with cross-site scripting constituting nearly a third of all attacks. Other popular attacks involved the ability to access data or execute commands on the server, including SQL injection, Path Traversal, Local…
A new report, released earlier this week by ABI Research says that face and iris scanners will outpace fingerprint readers as a security measure. Ryan Wilk, Vice President at NuData Security, a Mastercard company commented below. Ryan Wilk, Vice President at NuData Security: “The authentication market is in an innovation race to develop convenient, easy ways to verify people online, as cybercriminals have subverted all the static identifiers (passwords, usernames, and others). Different types of effective authentication solutions are coming to the forefront and being surpassed at a frenetic rate – everything from fingerprints to iris and face scans. However, one thing that…
Hyper connectivity, regulatory pressures, and heightened customer expectations are all having a significant impact on how companies operate. From financial services to retail stores, applications are now central to a rapidly evolving digital landscape. Despite this, companies continue to make dangerous security compromises, and F5’s recent 2018 State of Application Delivery (SOAD) report revealed that 36% plan to protect less than a quarter of applications. This mindset needs to change. App security plays a vital part in reputation management today. In fact, the EU General Data Protection Regulation (GDPR) has changed the data protection and usage game, empowering citizens to take ownership…
In light of the news that surfaced overnight regarding the European Commission leaking personal data on its website, which, for other organisations, would be considered a breach of the GDPR just days after the deadline came into force, Anthony Chadd, Senior Director of EMEA at Neustar commented below. Anthony Chadd, Senior Director EMEA at Neustar: “Achieving GDPR compliance is a clear challenge for organisations, so much so that, following a leak of personal data on its website, even the European Commission has failed to meet its own standards. While the Commission has confirmed the rules do not apply to it directly, this proves that…
A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported. The perpetrators of these attacks are known as the Andariel Group. According to a report authored by South Korean cyber-security firm AhnLab, the Andariel Group is a smaller unit of the larger and more well-known Lazarus Group, North Korea’s cyber-espionage apparatus, believed to be a unit of its military. IT security commented below. Andy Norton, Director of Threat Intelligence at Lastline: “Given the precarious political situation with North Korea, the fragile peace talks and…
