Article on behalf of: Dr Anthony Palmer, UK Principal Consultant, Ilex International – identity and access management specialists
Introduction
Identity and access management (IAM) offers many business enhancement opportunities. This management discipline should not be regarded simply as a tool to repair technological problems. Chief Information Security Officers (CISOs) often encounter a lack of organisational understanding and difficulties in communicating the business value proposed by an IAM project. Historically, much emphasis has been placed on technical enhancements that do not appear to directly address business objectives or align with IT strategies. Organisational stakeholders are very cautious in prioritising IAM initiatives…
Author: ISBuzz Team
Following the news about the World Anti-Doping Agency's (Wada) condemnation of Russian hackers for leaking confidential medical files of star US Olympic athletes – Simone Biles and Serena Williams – IT security expert Troy Gill, Manager of Security Research at AppRiver, commented below. Troy Gill, Manager of Security Research at AppRiver: “All organisations that hold sensitive data need to handle data security with the utmost importance. This means maintaining or exceeding current standards on how data is best handled, both at rest and in transit. In addition, these organisations should focus on securing their entire organisation at all levels. This includes everything…
Kaspersky Lab experts have discovered a new malicious app on the Google Play store: “Guide for Pokémon Go”, capable of seizing root access rights on Android smartphones and using that to install/uninstall apps and display unsolicited ads. The app has been downloaded more than 500,000 times, with at least 6,000 successful infections. Kaspersky Lab has reported the Trojan to Google and the app has been removed from Google Play. The global phenomenon of Pokémon Go has resulted in a growing number of related apps and, inevitably, increased interest from the cybercriminal community. Kaspersky Lab’s analysis of the “Guide for Pokémon Go” Trojan has uncovered malicious code that downloads rooting…
Fortune and other outlets have reported that New York’s governor and top banking regulator have just proposed regulations that would require the state’s banks to establish definitive cyber security programs to protect customer and institutional data. Requirements would include (but not be limited to): hiring a chief information security officer; implementing infrastructure, policies and practices to detect and thwart attacks; and notifying the NY Department of Financial Services of a material breach within 72 hours. IT security experts from VASCO Data Security and Lastline commented below. John Gunn, VP of Communications at VASCO Data Security: “While we applaud the positive elements of the…
The National Audit Office has issued a report criticising the UK government’s approach to cyber security. The report says that the GCHQ dealt with 200 “cyber national security incidents” per month in 2015 and that there were 8,995 data breaches in the 17 largest government departments in 2014/15. This news comes just ahead of the UK government launching the National Cyber Security Centre next month. IT Security Experts from Digital Guardian, WhiteHat Security, Barracuda Networks, Veracode and Ipswitch commented below. Luke Brown, VP and GM EMEA, India and LatAm at Digital Guardian: “Public and private organisations alike have a duty of care, not to…
Security researchers have found that a DDoS attack could take down the universal 9-1-1 emergency helpline that provides the most critical services. Warnings about this type of attack have previously been issued by the Department of Homeland Security as well as the FBI. If a DDoS attack targeted an emergency helpline service, 9-1-1’s maximum capacity to take calls would be reached and people with real emergencies could not get through. Researchers found that all it took was a smartphone infected by a particular malware that would create a botnet – an organized system of bots controlled by its creator who…
Software development has long been seen as an important skill. Initially, when someone said they wanted to become a software developer, it would require years of training, practice and experience. However, today software development can be carried out by almost anyone with little technical knowledge required. The rise in low code platforms is fuelling this capability within businesses and unleashing a new generation of business coder. It has become far easier and more accessible for employees unskilled in IT to become a citizen developer, creating new business applications sanctioned by corporate IT. Low code platforms provide the opportunity for citizen developers to…
The World Anti-Doping Agency (Wada) has condemned Russian hackers for leaking confidential medical files of star US Olympic athletes. Athletes affected include tennis players Venus and Serena Williams and teenage gymnast Simone Biles. A group calling itself “Fancy Bears” claimed responsibility for the hack of a Wada database. Mark James, Security Specialist at ESET commented below. Mark James, Security Specialist at ESET: “Data breaches come in all shapes and sizes and cause varying degrees of damage, the most common of course is more of your private data (usernames, passwords, DOB, addresses etc.) making its way onto the internet but sometimes…
Investigation Tracks Hospital Ransomware Payments Through Bitcoin Accounts; Ransomware, Mobile, and Macro Malware Threats Surge in Q2 2016. NEWS HIGHLIGHTS: Intel Security tracks $100,000 in targeted hospital ransomware payments through suspect Bitcoin accounts; investigates operations of $121 million ransomware network. Intel Security survey shows healthcare and manufacturing sectors are among the least prepared to prevent data loss. More than 25% of companies surveyed do not monitor sharing of or access to employee or customer data. Only 37% of organisations surveyed use endpoint monitoring of user activity and physical media activity. 90% of respondents have cloud protection strategies, but only 12%…
The IoT (Internet of Things), once a marketing buzzword, is now intelligence in action. As it spreads its roots into Artificial Intelligence and Big Data Analytics, major companies like Intel, Verizon and Telenor now have a keen interest in pursuing IoT. So, what is the Internet of Things? At its core, IoT is a concept of connecting our personal devices into a single cohesive network. In simple words, it works on the basis of “Anything that can connect to internet, will connect to the internet.” How does it affect us? Suppose your presence is expected at a meeting at 10 a.m. and your…