The ICO has just announced the findings of a survey which shows that only 20% of UK citizens trust companies with the storing of their data. There are some other great stats including: One in ten UK adults (12%) say they have trust and confidence in social messaging platforms storing and using their personal information. Less than one in ten (8%) of UK adults say they have a good understanding of how their personal data is made available to third parties and the public by companies and organisations in the UK. Fraser Kyne, EMEA CTO at Bromium highlighting that the cybersecurity industry…
ISBuzz Team
Asher Benbenisty, Director of Product Marketing at AlgoSec, looks at how organizations can apply the business impact analysis methodology to remediate risk within the network security infrastructure – and ensure security is business driven. Risk lurks in all corners of any business: from operational, financial and strategic risk, to IT and security risk. The potential consequences of those risks include loss of revenue and possible legal action, to application outages and inability to deliver key customer services. To address these issues, enterprises typically use a range of approaches – from the non-technical (such as business risk assessments) to the highly…
A new study by Adobe projects Holiday Ecommerce To Hit Record $107B in 2017; Mobile Will Lead In Visits, based on Adobe data capturing an estimated 80% of online transactions from the top 100 US Web retailers. Employees who use their corporate email accounts (either to shop or to verify ID for a personal email account) can substantially increase their employer’s risk of cyber breach-enabling compromised credentials. IT security experts from InfoArmor commented below. Christian Lees, Chief Information Security Officer at InfoArmor: “Many organizations experience their peak season of compromised corporate credential ingestion during the holiday season. Considering the tremendous amount of time individuals spend at work, naturally…
A Chinese group known as KeyBoy is targeting US companies with specifically crafted Microsoft documents that use the Dynamic Data Exchange (DDE) protocol to fetch/download remote malicious payloads. Michael Patterson, CEO at Plixer, commented below. Michael Patterson, CEO at Plixer: “IT teams must be continuously vigilant and employees need to be alerted to this latest espionage threat. Employees should be extra careful not to click on a Microsoft Word Document, especially if it is received from someone they don’t know. Even when it is received from someone familiar, a quick call should be placed to confirm the document is…
A new study by the Ponemon Institute quantifies “The Impact of Data Breaches on Reputation and Share Value” and a new Gallup Poll finds that cybercrime tops America’s crime concerns. IT security experts commented below. Atiq Raza, CEO at Virsec Systems: “Far too many businesses have been marketing a “don’t worry, be happy” message about cyber security, that flies in the face of reality. This is causing a serious erosion in trust, but may have some healthy results. Consumers need better information about structural problems in cyber security, and objective analysis along the lines of Consumer Reports, about how well companies are protecting their data. Customers should punish…
75% Of Organizations Report No Strategy To Manage And Secure DevOps Secrets
CyberArk (NASDAQ: CYBR), the global leader in privileged account security, today announced that DevOps and security professionals have worrying knowledge gaps about where privileged accounts and secrets exist across the IT infrastructure, according to the first findings to be released from CyberArk’s Advanced Threat Landscape 2018 report. When offered several options ranging from PCs / laptops to microservices, cloud environments and containers, nearly all (99%) failed to identify all places where privileged accounts or secrets exist. The option where the highest levels of unawareness existed was source code repositories such as GitHub, with…
News has surfaced that mobile software found on Google’s Play Store, the official application marketplace, contains malware that could infect Android devices and clandestinely mine cryptocurrency. Javvad Malik, Security Advocate at AlienVault, commented below. Javvad Malik, Security Advocate at AlienVault: “Criminals will tend to follow the trend to maximise their chance of success. As mobiles dominate the market with users using them more and more for everyday tasks, and as they get more powerful, it makes sense for criminals to focus efforts on infecting mobile devices. Users should exercise caution when downloading apps, even from legitimate app stores, be wary of the permissions…
It has been reported that hacking group The Dark Overlord is threatening to leak the internal client data of top Hollywood production studio Line 204. The seemingly international group of hackers, which recently targeted streaming giant Netflix and a London-based plastic surgeon’s office, provided evidence that it had accessed the firm’s customer database. “As with all of our friends who don’t accept one of our handsome business proposals, we’ll handle them appropriately by publicly releasing all their client data, documents, intellectual property, and other sensitive documentation,” the group said via encrypted chat. When you visit Line 204’s website, you are…
Paul Blore, MD at Netmetix, Cloud Network Specialists: WiFi still remains vulnerable but the majority of businesses think that simply because they’re using encryption on their WiFi network, that it makes it secure – it doesn’t. Whilst unnerving for businesses, the recent KRACK flaw within the design of WPA2 wireless protocol has exposed a very specific risk that would allow a hacker to effectively decrypt the WiFi encryption, it doesn’t necessarily present a significant risk to users. Any secure websites such as banking, or online retailing, use an additional browser encryption layer over and above the WiFi WPA2 encryption and…
It’s being reported this morning that over 46 million Malaysians have been affected by a severe and wide-ranging data breach, mostly stolen from Malaysian telecoms companies, but also including some 80,000 medical records. Records including mobile phone numbers, names and SIM card data are also among the information stolen. IT security experts commented below. Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools: “The size of this data breach, and the type of data stolen is a particular cause for concern. Data such as addresses, phone numbers, account user names and SIM card data all fall into the definition of PII, and could therefore be…
