Robert Hannigan, head of UK’s GCHQ, is reported to be seeking practical cooperation from the technology industry on how to balance the strong encryption that protects individuals’ privacy, with government and agency needs to access criminal and terrorist communications. He was speaking as the debate between Apple & the FBI continues, and after the UK Government’s Investigatory Powers Bill (dubbed The Snoopers’ Charter) was debated again in the House of Commons last month. Here to comment on this news is Michael Hack, senior vice president of EMEA operations at Ipswitch. Michael Hack, senior vice president of EMEA operations at Ipswitch comments, “Data encryption is only secure if there…
ISB Editorial Staff
According to a report cited by Bank Info Security publisher ISMG and in comments made directly to the WSJ,the FBI is reporting that ransomware is surging. Here to comment on this news is security expert, John Gunn. John Gunn, VP of Communications, VASCO Data Security, comments: With hacking such as ransonware, it’s almost always a game of numbers. If the odds of being a victim are close to 1 in 100,000, then most users will remain remarkably reckless in how they behave – the sites that they visit and the apps that they download. These are the same people that would never…
It doesn’t matter what industry you are in: passwords are going to be a major player in daily lives no matter where you are. Despite the famous 2004 prediction that the password is dead, it’s still kicking around today – along with an entire list of requirements and password policies in place to make it as secure as possible for any given environment. Interestingly enough, recent studies have shown that some of those policies – namely mandatory password changes – may not be all that we had originally thought them to be. Lorrie Faith Cranor, Chief Technologist at the Federal…
Data breaches are expensive. Gross costs stemming from Target’s infamous 2013 breach totaled $252 million. And the Ponemon Institute’s annual Cost of a Data Breach survey saw the cost for each compromised record had risen for the eighth consecutive year to approximately $150. Coupled with the number of data breaches reaching an all-time high in 2014 (a short-lived record likely to be beaten in 2015), it’s no surprise that cyberinsurance is in high demand. However, cyberinsurance should be viewed only as a safety net to protect financial interest, and not the foundation of a cybersecurity architecture. Interest in cyberinsurance has…
Microsoft has updated their Certificate Trust List (CTL) after the private key for xboxlive.com was leaked to the Web. The company didn’t explain how the leak happened, but the exposed certificates were immediately revoked and replaced. Patrick Hilt, CTO of MIRACL explains why this is still an issue despite Microsoft revoking the exposed certificates: “This incident underscores a fundamental architectural flaw inherent to the design of PKI, which is the security infrastructure that underlies digital certificates — that whoever holds a certificate authority’s root key can issue a legitimate certificate to perform a man in the middle attack, decrypting traffic that is meant to…
You’d be forgiven for wondering where to start when it comes to IT security in this brave new world of the cloud, mobility and the internet of things. Sadly neither barbed wire nor your very own Jedi Knight are likely to be of any great help. The Met Police’s Operation Bumblebee, targeting burglary in London, offers advice on prevention covering everything from sheds and outbuildings to security alarms, property marking to bogus callers. And, of course, the wide variety of doors, windows and locks that are available. Let’s face it, there’s little point in setting the burglar alarm but leaving…
Microsoft has warned a U.S. appeals court that if it is forced to hand over emails stored on a server in Ireland, Internet user privacy worldwide would be demolished in a “global free-for-all.” U.S. prosecutors chasing a drugs investigation sought a search warrant in the U.S. to access the files, but Microsoft thinks the action should be taking place on Ireland’s soil, where the information is stored: http://www.theregister.co.uk/2015/09/10/microsoft_datagrab_irish_email_case/ Tripwire’s Director of IT Security and Risk Strategy, Tim Erlin, provided the following comments: [su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of IT Security and Risk Strategy, Tripwire It’s tempting to think that data stored in…
LockerPIN sets or changes the device’s PIN lock, unbeknownst to the user as it locks the screen and demands a $500 ransom. Researchers from ESET, a global leader in IT security for more than two decades, discovered in the wild the first Android PIN-settingransomware . Based on ESET’s statistics, the majority of the infected Android devices is in the USA with a complete percentage share of over 75%. This appears to be part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits, with Europe…
2015 has seen some of the most crippling data breaches in history. In February, health insurance provider Anthem revealed a data breach thatcompromised 80 million records of both patients and employees. The same month, a breach revealed by BlueCross BlueShield affected 11.2 million subscribers and exposed data such as Social Security numbers and even bank account information. In June of this year, the Office of Personnel Management revealed possibly the most crippling data breach of all time. One that caused the Director, Katherine Archuleta to tender her resignation one month later. The data compromised in this breach consisted of government…
There has been a great deal of growth in the identity and access management (IAM) industry recently, and the trend is predicted to remain steady for the foreseeable future. This has led many news outlets and organizations to take notice and focus on these solutions and exactly what they are. This buzz has many wondering why there is so much growth in a seemingly mature market. There are some simple explanations for the growth. In the past, IAM projects have been a massive undertaking, which cost organizations a great deal of money and time to implement. The solutions were considered…