The leading story in the weekend’s Telegraph was that Britain’s airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems. Security services have issued a series of alerts in the past 24 hours, warning that terrorists may have developed ways of bypassing safety checks. Mark Kuhr, CTO and Co-Founder at Synack leaders in crowd security intelligence and penetration testing commented below. Mark Kuhr, CTO and Co-Founder at Synack: “The adversary is innovative and creative. Cybercriminals and state-sponsored actors will target high-value assets like critical infrastructure to achieve…
ISBuzz Team
Following news that UK firms are being targeted by China-based global hacking group, APT10, Matt Walmsley, EMEA Director at Cyber Security Company Vectra Networks commented below. Matt Walmsley, EMEA Director at Vectra Networks: “This latest act of cybercrime has worrying implications for organisations and the cloud service providers hosting their data and applications, with intellectual property compromised as well as personally identifiable information (PII). The fact the activities were aligned with Chinese Standard Time could imply a concerning involvement of Chinese nationals, either working alone or at a state level, to harvest valuable data such as proprietary data on new products that could…
The “Big Data” movement has made its way into every facet of business, especially the security organization. There is an expectation to protect all parts of the enterprise infrastructure, including network, endpoints, cloud, virtual machines and more. Leaving the pure volume of data to monitor, analyze and protect across the enterprise framework a nearly impossible feat. Security organizations across all industries, especially highly regulated environments, need to take a step back, strategically evaluate the personally identifiable “sensitive” data that is housed within the enterprise, or organization, including such items as intellectual property, financial data and any personally identifiable information from…
Following the news about WhatsApp backdoor to encryption proposals made by Vera Jourova, Wieland Alge, General Manager EMEA at Barracuda Networks commented below. Wieland Alge, General Manager EMEA at Barracuda Networks: “EU Justice Commissioner Věra Jourová has said that the European Commission will propose new measures in June to make it easier for police to access data on internet messaging apps like WhatsApp. While she hasn’t yet revealed exactly what these measures will look like, the idea of the legislation is that they will allow law enforcement authorities to demand information from internet messaging apps. But in practice, how will this actually work? In…
This week, U.S. healthcare organizations celebrate Patient Safety Awareness Week,which is traditionally focusedon reducing patient harm during on-site medical care. What many fail to consider is that information security is also a critical component of patient safety. An organization’s inattention to cybersecurity can be dangerous to patients, affecting their safety, identity and financial welfare. IBM predicts the healthcare industry will see a growing number of data security threats in 2017, with exploitable information in electronic health records (EHR) continuing to fetch a high price on the black market. Regardless of the constant pressure put on healthcare organizations to lower healthcare…
Following the news that people have been uploading highly sensitive documents to a Microsoft cloud sharing service, seemingly unaware the material is public by default and so could be vulnerable to online criminals. Leo Taddeo, Chief Security Officer at Cryptzone commented below. Leo Taddeo, Chief Security Officer at Cryptzone: “While there is no evidence of a security flaw in docs.com, the default setting exposed the user to significant risks. A better option would be to require the user to opt out of a more secure setting after acknowledging the potential for exposure to the public. The lesson here for organizations is that their employees won’t always…
Following the news that airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems. IT security experts from Infoblox and Thales e-Security commented below. Dr. Malcolm Murphy, Technology Director at Infoblox: “Attacks against IT networks are becoming increasingly common and, if carried out against critical national infrastructure, can represent a significant threat to national security. In addition to the damage caused to the networks themselves, a DDoS attack on an organisation’s Domain Name System can be used to prevent communication of and around the attacks, causing confusion and panic…
Following the news that Critical National Infrastructure is coming under attack from cyber criminals, Joep Gommers, CEO at EclecticIQ commented below. Joep Gommers, CEO at EclecticIQ: “With the threat landscape evolving, and attacks becoming ever-more sophisticated, having time to stop and think about the actor behind the malicious intent may seem like a luxury. However, businesses and governments need to start looking at cyberattacks from the adversary’s perspective, pinpointing the actor’s motivation behind the attack. Until those actor’s motivations are fully understood, any attempt to prevent attacks, on critical infrastructure or otherwise, will be based on the outcome of the attack rather than providing…
What appears to be a new version of the Mirai malware was behind a massive DDoS attack that targeted an unnamed US college and lasted for 54 hours straight, reports cyber-security firm Incapsula, who was providing DDoS mitigation service for the affected college. Sean Newman, Director at Corero Network Security commented below. Sean Newman, Director at Corero Network Security: “We’ve become used to hearing about massive saturating DDoS attacks in the news and associating that with the primary way in which the DDoS threat landscape is evolving. There’s no denying the pandemic levels that those types of attacks are reaching however,…
IT security is not very hard at all. Provided, you only consider one security issue to the exclusion of all other concerns. What makes security so difficult is the need to address more than one security issue at once and to balance security concerns with the need to get the job done. For two decades, the nuclear launch code for Minuteman nuclear missiles was 00000000. Concerned by the threat of an accidental or unauthorized launch, President Kennedy had signed an order requiring every missile to be fitted with a Permissive Action Link requiring the code be provided before launch. Strategic Air…
