As part of our expert panel question series, we have the following question for the month of March 2017 to our expert panel members. Cyberattacks has no boundaries and hackers usually collaborate across boundaries, while law enforcement agencies not. How can we collaborate at global level to fight against these new type of attacks with no boundaries? Experts Responses: A.N. Ananth CO-FOUNDER AND CEO, EventTracker Defending the network today requires both a detailed understanding of the internal assets and tactics, techniques and procedures that are prevalent with attackers. Threat intelligence sharing via global threat feeds is an excellent resource to…
ISBuzz Team
A group of security researchers say that they can extract information from an Amazon Web Services virtual machine by probing the cache of a CPU it shares with other VMs in the cloud. While largely theoretical, the research shows why many organisations are willing to pay for dedicated instances in the cloud, and points to potential security issues in multi-tenant environments. Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “When you use the cloud, you’re essentially putting control of your data and infrastructure into the hands of a third-party. Should an issue emerge on their side of the…
Buzzfeed has reported a possible flaw in Office 365 whereby files are uploaded publicly by default rather than privately to docs.com, which just so happens to have a search function. IT security experts from FireMon, Comparitech, Synopsys and Alert Logic commented below. Paul Calatayud, Chief Technology Officer at FireMon: This is a good example of awareness when it comes to using cloud applications. Many people do not read the fine print when it comes to “free”. In past cases, I recall one company providing free photo storage only to later be discovered that by using that service you were also handing rights over…
Following on from recent announcements, we thought it might be useful to summarise the general approach of HM Government to cyber security and highlight some of the resources that might be useful to UK-based (and possibly non UK-based) organizations. Cyber security was identified as one of four major threats to the UK in the Government’s National Security Strategy in 2015. As a quick reminder, the UK government has allocated £1.9 billion towards the problem of cyber security and is approaching it from four angles: DEFEND – try to stop it happening DETER – hunt down those that do it DEVELOP…
Data from cyber insurance provider CFC Underwriting finds that 38% of its claims in 2016 could have been avoided if better education and training processes were in place LONDON. New research from specialist cyber insurance provider, CFC Underwriting reveals that over a quarter of UK based SMEs (27%) are still failing to educate and train their staff on the threat of a cyber-attack. 38% of CFC’s claims in 2016 were caused by phishing scams, meaning that they could arguably have been avoided if staff were trained properly. Over a quarter of SMEs (26%) say that they do not train and educate their staff…
The House of Representatives passed a Bill that will repeal broadband privacy rules put forward by the Obama administration and is just one signature away from majorly impacting US citizen’s privacy. Comparitech.com has found that the number of new VPN subscriptions in the US have already surged by 239%*. Google trends support this sharp rise in searches on VPN by Americans looking to safeguard their privacy. Paul Bischoff, Privacy Advocate at Comparitech.com commented below. Paul Bischoff, Privacy Advocate at Comparitech.com: “In just under 24 hours after the House of Representatives passed a Senate resolution to repeal broadband privacy rules in the United States, we have…
Following the news about Ghost in the Shell releases in cinemas across the UK, this futuristic sci-fi fantasy explores the realms and evolution of artificial intelligence and the power of the synergy between man and machine. Gunter Ollmann, CSO at Vectra Networks commented below. Gunter Ollmann, CSO at Vectra Networks: “Just as Ghost in the Shell took its inspiration from Arthur Koestler’s Ghost in the Machine with his thoughts behind the mind-body relationship, recent advancements in security technology see AI taking over much of the ‘muscle-memory’ work of repetitive investigation and response processes. “The premise of Ghost in the Shell is that the…
Google is planning on engineering JavaScript modals to work on a per-tab basis, rather than the per-window approach used today to make it easier for users to close potentially malicious popups. Fraser Kyne, EMEA CTO at Bromium commented below. Fraser Kyne, EMEA CTO at Bromium: “We are seeing increasingly sophisticated methods of scare-tactics being used to trick users into activating malware. Pop-ups like those that Google is seeking to address are often designed to do just that, with clever features such as buttons that look like they will close the pop-up actually being a part of it; redirecting the user…
Last year, the UK Government urged businesses to better protect themselves after it revealed that at least two thirds of large organisations in the country had suffered a cyber breach or cyber attack in the past year. According to the 2015 Information Security Breaches Survey produced by the Department for Business Innovation & Skills, the average cost of these breaches for a small company was anywhere between £75k – £311k, whilst a large business could lose up to £3.14m; enough to collapse even the most financially robust enterprise. These figures present a sobering fact: cyber security is fundamental to business continuity and the future…
How businesses must adopt greater strategic back-up flexibility The fast-changing regulatory and political landscape, not to mention the rising sophistication of cyber criminals, puts massive pressure on corporate data governance. The forthcoming General Data Protection Regulation (GDPR) will see more stringent rules around the handling of data in the European Union, even for UK business trading in Europe after Brexit – which will put strain on every aspect of international trade and business practice. Enterprises must be completely informed regarding data management if they are not to be caught out during the next months and years. Indeed, if they cannot…
